Camunda manual installation
This page guides you through the manual installation of Camunda 8 on a local machine, bare metal server, or virtual machine.
Prerequisites
- Bare metal or virtual machine
- Operating system:
- Linux
- Windows, macOS, and other operating systems are supported for development only and not for production.
- Java Virtual Machine. See supported environments for version details.
- Configure the web applications to use an available port. By default, the Orchestration Cluster listens on port 8080.
- Operating system:
- Secondary storage
- Elasticsearch or Amazon OpenSearch. See supported environments for version details.
- For Elasticsearch deployment options, see the Elasticsearch documentation.
- Elasticsearch or Amazon OpenSearch. See supported environments for version details.
For suggested minimum hardware requirements and networking, see the manual reference architecture requirements.
There are known performance limitations on systems that use musl
instead of glibc
, because Java relies on glibc
for running native libraries. For example, Alpine Linux, which uses musl
, has shown performance degradation compared to Debian or Ubuntu in benchmark tests.
The following components are not supported for manual installation:
- Management Identity
- Optimize
- Web Modeler
To install these components, use one of the supported methods:
Download artifacts
Download the required Camunda 8 artifacts from the following sources. Make sure that all artifacts use the same minor version to ensure compatibility.
Orchestration Cluster:
- File names follow the pattern
camunda-zeebe-x.y.z.(zip|tar.gz)
. - Maven Central - Select a version, then click Browse to view downloadable files such as
.zip
or.tar.gz
. - Artifactory - Select a version, then browse the files to download.
- GitHub - Select a release to download the files.
Connectors:
-
Bundle (includes pre-bundled connectors from Camunda)
- File names follow the pattern
connector-runtime-bundle-x.y.z-with-dependencies.jar
. - Maven Central - Select a version, then click Browse to view the
.jar
. - Artifactory - Select a version, then browse the files to download.
- File names follow the pattern
-
Runtime-only
- File names follow the pattern
connector-runtime-application-x.y.z.jar
. - Maven Central - Select a version, then click Browse to view the
.jar
. - Artifactory - Select a version, then browse the files to download.
- File names follow the pattern
Some out-of-the-box connectors are licensed under the Camunda Self-Managed Free Edition license. See Camunda Connectors Bundle project for an overview.
Reference architecture
Review the following reference architectures for deployment guidance:
- Manual reference architecture - Provides an overview of the environment and requirements.
- Amazon EC2 - A reference architecture built on Amazon Web Services (AWS) using Elastic Compute Cloud (EC2) with Ubuntu, and Amazon OpenSearch as the secondary storage.
Orchestration Cluster
For background, see the Orchestration Cluster glossary entry.
For architecture details, review the architecture.
For configuration details, see the Orchestration Cluster components.
Configure the Orchestration Cluster
By default, the configuration uses a single-node orchestration cluster with a local Elasticsearch instance as the secondary storage. If this setup matches your environment, no additional configuration is required.
If you plan to:
- Add more nodes to the cluster
- Use a different external secondary storage
- Enable Connectors
- Apply a license key
You need to make targeted configuration changes. The following sections outline the minimum required adjustments for each use case. Combine these changes into a single application.yaml
under the appropriate configuration keys, or export them as environment variables.
For detailed configuration options and advanced setup guidance, refer to each component’s documentation under the Orchestration cluster section.
Configuration is being unified across components. Some changes will only take effect in future versions, so you may see a mix of old and new configuration options.
Configure the secondary storage
Set the secondary storage type value to elasticsearch
or opensearch
. Remove fields that do not apply to your selection.
If your security settings require authentication for the secondary storage, configure both username
and password
.
Omit these fields if authentication is not required.
The following configuration defines how the Orchestration Cluster connects to secondary storage (Elasticsearch or OpenSearch). This applies to the included Operate, Tasklist, Identity, and Camunda Exporter.
For detailed configuration options, see the Orchestration Cluster configuration
- Environment variables
- application.yaml
CAMUNDA_DATA_SECONDARYSTORAGE_TYPE=elasticsearch|opensearch # defaults to elasticsearch
# Elasticsearch
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_URL=http://localhost:9200
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_USERNAME=
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_PASSWORD=
# OpenSearch
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_URL=http://localhost:9200
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_USERNAME=
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_PASSWORD=
camunda:
data:
type: elasticsearch|opensearch # defaults to elasticsearch
secondary-storage:
# Elasticsearch
elasticsearch:
url: http://localhost:9200
username:
password:
# OpenSearch
opensearch:
url: http://localhost:9200
username:
password:
Configure a multi-broker cluster
This example shows a 3-broker cluster.
- Set
size
to3
. - Assign a unique
node-id
to each broker, starting from0
and incrementing up to the total number of brokers (0
,1
,2
). - Use the same
initial-contact-points
on all brokers.
For more details, see the Zeebe broker cluster configuration.
- Environment variables
- application.yaml
CAMUNDA_CLUSTER_SIZE=3
CAMUNDA_CLUSTER_NODEID=0 # unique ID of this broker node in a cluster. The ID should be between 0 and number of nodes in the cluster (exclusive).
ZEEBE_BROKER_CLUSTER_INITIALCONTACTPOINTS=HOST_0:26502,HOST_1:26502,HOST_2:26502
camunda:
cluster:
size: 3
node-id: 0 # unique ID of this broker node in a cluster. The ID should be between 0 and number of nodes in the cluster (exclusive).
zeebe:
broker:
cluster:
initial-contact-points: [HOST_0:26502, HOST_1:26502, HOST_2:26502]
Configure Connectors authentication
Connectors require authentication to use their full capabilities. By default, the Orchestration Cluster uses basic authentication. You can configure the cluster to automatically create a user with the necessary permissions at startup.
If you don’t configure a user at startup, create one manually in the Identity UI after deployment.
For more details, see Identity configuration overview.
- Environment variables
- application.yaml
CAMUNDA_SECURITY_INITIALIZATION_USERS_1_USERNAME=connectors
CAMUNDA_SECURITY_INITIALIZATION_USERS_1_PASSWORD=connectors
CAMUNDA_SECURITY_INITIALIZATION_USERS_1_NAME="Connectors User"
CAMUNDA_SECURITY_INITIALIZATION_USERS_1_EMAIL=connectors@company.com
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES_CONNECTORS_USERS_0=connectors
camunda:
security:
initialization:
users:
- username: connectors
password: connectors
name: Connectors User
email: connectors@company.com
default-roles:
connectors:
users:
- connectors
Configure the license key
If your Camunda 8 Self-Managed installation requires a license, provide the license key in one of the following ways:
- Environment variables
- application.yaml
CAMUNDA_LICENSE_KEY=""
camunda:
license:
key: >-
--------------- BEGIN CAMUNDA LICENSE KEY ---------------
[...]
--------------- END CAMUNDA LICENSE KEY ---------------
Run the Orchestration Cluster
Once you've downloaded the Orchestration Cluster distribution, extract it into a folder.
-
Extract the files using your GUI or CLI:
mkdir -p camunda && unzip camunda-zeebe-x.y.z.zip -d camunda
mkdir -p camunda && tar -xzf camunda-zeebe-x.y.z.tar.gz -C camunda -
Open the extracted folder.
-
Update the configuration in
config/application.yaml
, or export the environment variables. -
Navigate to
bin
folder. -
Run
camunda.sh
(Linux/macOS) orcamunda.bat
(Windows). -
Open http://localhost:8080. On first access, you’ll be asked to create an admin user unless Identity is configured with OIDC or a similar option.
Camunda 8 components without a valid license may display Non-Production License in the navigation bar and issue warnings in the logs. These warnings don’t affect startup or functionality, except that Web Modeler is limited to five users. To obtain a license, visit the Camunda Enterprise page.
Run the Orchestration Cluster as a service
This example shows how to run the Orchestration Cluster as a systemd
service on Ubuntu. Adjust the paths, user, and group as needed for your environment. The example uses a file with environment variables, but you can adapt it to use an application.yaml
instead.
-
Create a
systemd
service file namedcamunda.service
and adjust it fit your own paths, user and group in/etc/systemd/system/camunda.service
.generic/compute/debian/configs/camunda.serviceloading...
-
Change the permissions on
/etc/systemd/system/camunda.service
to644
:sudo chmod 644 /etc/systemd/system/camunda.service
-
Reload
systemd
and start the new service:sudo systemctl daemon-reload
sudo systemctl start camunda.service -
Verify that the service is running:
systemctl status camunda.service
View logs with:
journalctl -e -u camunda
Verify the Orchestration Cluster
Check the logs for a successful startup message, such as:
[2025-08-05 13:34:51.964] [main] INFO
org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port 8080 (http) with context path '/'
...
[2025-08-05 13:34:52.006] [main] INFO
org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat initialized with port 9600 (http)
[2025-08-05 13:34:52.048] [main] INFO
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 79 ms
[2025-08-05 13:34:52.054] [main] INFO
org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver - Exposing 17 endpoints beneath base path '/actuator'
[2025-08-05 13:34:52.078] [main] INFO
org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port 9600 (http) with context path '/'
[2025-08-05 13:34:52.088] [main] INFO
io.camunda.application.StandaloneCamunda - Started StandaloneCamunda in 9.376 seconds (process running for 9.817)
Check the cluster topology with the Orchestration Cluster REST API:
# replace username and password with the details of the admin user you created on first startup
curl -u username:password -L 'http://localhost:8080/v2/topology' \
-H 'Accept: application/json'
Example output
// amount of brokers, size, partitions etc. depends on your configuration
// Example: 1 broker, 3 partitions
{
"brokers": [
{
"nodeId": 0,
"host": "HOST_0",
"port": 26501,
"partitions": [
{
"partitionId": 1,
"role": "leader",
"health": "healthy"
},
{
"partitionId": 2,
"role": "leader",
"health": "healthy"
},
{
"partitionId": 3,
"role": "leader",
"health": "healthy"
}
],
"version": "8.8.0"
}
],
"clusterSize": 1,
"partitionsCount": 3,
"replicationFactor": 1,
"gatewayVersion": "8.8.0",
"lastCompletedChangeId": "-1"
}
// amount of brokers, size, partitions etc. depends on your configuration
// Example: 1 broker, 3 partitions
{
"brokers": [
{
"nodeId": 0,
"host": "HOST_0",
"port": 26501,
"partitions": [
{
"partitionId": 1,
"role": "leader",
"health": "healthy"
},
{
"partitionId": 2,
"role": "leader",
"health": "healthy"
},
{
"partitionId": 3,
"role": "leader",
"health": "healthy"
}
],
"version": "8.8.0"
}
],
"clusterSize": 1,
"partitionsCount": 3,
"replicationFactor": 1,
"gatewayVersion": "8.8.0",
"lastCompletedChangeId": "-1"
}
Check the health status of the Orchestration Cluster with the actuator endpoint:
curl localhost:9600/actuator/health
Example output
{
"status": "UP",
"groups": ["liveness", "readiness", "startup", "status"],
"components": {
"brokerReady": {
"status": "UP"
},
"brokerStartup": {
"status": "UP"
},
"brokerStatus": {
"status": "UP"
},
"indicesCheck": {
"status": "UP"
},
"livenessState": {
"status": "UP"
},
"readinessState": {
"status": "UP"
},
"searchEngineCheck": {
"status": "UP"
}
}
}
{
"status": "UP",
"groups": ["liveness", "readiness", "startup", "status"],
"components": {
"brokerReady": {
"status": "UP"
},
"brokerStartup": {
"status": "UP"
},
"brokerStatus": {
"status": "UP"
},
"indicesCheck": {
"status": "UP"
},
"livenessState": {
"status": "UP"
},
"readinessState": {
"status": "UP"
},
"searchEngineCheck": {
"status": "UP"
}
}
}
Connectors
For background, see the Connectors glossary entry.
For architecture details, review the architecture.
For configuration options, see the Connectors components documentation.
Configure Connectors
If you run Connectors on the same machine as the Orchestration Cluster, change the default port (8080
) to avoid conflicts.
Connectors require authentication to communicate with the Orchestration Cluster REST API and Zeebe.
By default, Connectors connect to:
localhost:8080
(Orchestration Cluster REST API)localhost:26500
(Zeebe)
- Environment variables
- application.yaml
SERVER_PORT=9090
CAMUNDA_CLIENT_RESTADDRESS=http://localhost:8080
CAMUNDA_CLIENT_GRPCADDRESS=http://localhost:26500
CAMUNDA_CLIENT_MODE=selfManaged
CAMUNDA_CLIENT_AUTH_METHOD=basic
CAMUNDA_CLIENT_AUTH_USERNAME=connectors
CAMUNDA_CLIENT_AUTH_PASSWORD=connectors
Save the following as application.yaml
in the same folder as your connector-runtime-(application|bundle)-x-y-z(-with-dependencies).jar
.
server:
port: 9090
camunda:
client:
rest-address: http://localhost:8080
grpc-address: http://localhost:26500
mode: selfManaged
auth:
method: basic
username: connectors
password: connectors
For more information about the configuration of the Connectors, see Connectors configuration
Run Connectors
Both the pre-bundled and runtime-only versions of the Connectors behave the same at runtime. They automatically detect and register all connectors available on the classpath during execution. Each connector uses its default configuration as defined by the @OutboundConnector
or @InboundConnector
annotations.
Consider the following file structure:
/home/user/connectors $
├── connector-runtime-(application|bundle)-x.y.z(-with-dependencies).jar
└── my-custom-connector-0.1.0-SNAPSHOT-with-dependencies.jar
To start connectors bundle with all custom connectors locally, run:
java -cp "/home/user/connectors/*" "io.camunda.connector.runtime.app.ConnectorRuntimeApplication"
This starts a Zeebe client, registering the defined connector as a job worker. By default, it connects to a local Zeebe instance at port 26500
.
Run Connectors as a service
This example shows how to run the Connectors as a systemd
service on Ubuntu. Adjust the paths, user, and group as needed for your environment.
The example uses a file with environment variables, but you can adapt it to use an application.yaml
instead.
-
Create a
systemd
service file namedcamunda-connectors.service
and adjust it fit your own paths, user and group in/etc/systemd/system/camunda-connectors.service
.generic/compute/debian/configs/camunda-connectors.serviceloading...
-
Change the permissions on
/etc/systemd/system/camunda-connectors.service
to644
:sudo chmod 644 /etc/systemd/system/camunda-connectors.service
-
Reload
systemd
and start the service:sudo systemctl daemon-reload
sudo systemctl start camunda-connectors.service -
Verify that the service is running:
systemctl status camunda-connectors.service
View logs with:
journalctl -e -u camunda-connectors
Verify Connectors
Check the logs for a successful startup message, such as:
2025-08-05T14:49:58.641+02:00 INFO 99856 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 3 endpoints beneath base path '/actuator'
2025-08-05T14:49:58.666+02:00 INFO 99856 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 9090 (http) with context path '/'
2025-08-05T14:49:58.702+02:00 INFO 99856 --- [ main] i.c.c.r.app.ConnectorRuntimeApplication : Started ConnectorRuntimeApplication in 1.286 seconds (process running for 1.386)
Check the health status of Connectors with the actuator endpoint:
curl localhost:9090/actuator/health
Example output
{
"status": "UP",
"groups": ["readiness"],
"components": {
"camundaClient": {
"status": "UP"
},
"diskSpace": {
"status": "UP",
"details": {
"total": -1,
"free": -1,
"threshold": -1,
"path": "/home/user/connectors/.",
"exists": true
}
},
"ping": {
"status": "UP"
},
"processDefinitionImport": {
"status": "UP",
"details": {
"operateEnabled": true
}
},
"ssl": {
"status": "UP",
"details": {
"validChains": [],
"invalidChains": []
}
},
"zeebeClient": {
"status": "UP",
"details": {
"numBrokers": 1,
"anyPartitionHealthy": true
}
}
}
}
{
"status": "UP",
"groups": ["readiness"],
"components": {
"camundaClient": {
"status": "UP"
},
"diskSpace": {
"status": "UP",
"details": {
"total": -1,
"free": -1,
"threshold": -1,
"path": "/home/user/connectors/.",
"exists": true
}
},
"ping": {
"status": "UP"
},
"processDefinitionImport": {
"status": "UP",
"details": {
"operateEnabled": true
}
},
"ssl": {
"status": "UP",
"details": {
"validChains": [],
"invalidChains": []
}
},
"zeebeClient": {
"status": "UP",
"details": {
"numBrokers": 1,
"anyPartitionHealthy": true
}
}
}
}
Next steps
After setting up your cluster, many users typically do the following:
- Connect to an identity provider – integrate with an external identity system for authentication.
- Secure cluster communication – protect traffic between cluster nodes.
- Secure client communication – ensure secure communication between clients and the cluster.