Container Private Cloud Authentication

  • Last update:June 22, 2026
  • iconNote:

    This document applies only to projects that are not deployed via the O&M platform, where you need to manually create an authorization server.

    For projects deployed via the O&M platform:

    In external network environments, it is recommended to use Public Cloud Authentication.

    In internal network environments, it is recommended to use the O&M platform for New Project Registration.

    Overview

    Version

    Report Server Version

    Functional Change

    11.0.10

    /

    11.0.18

    Optimized the registration failure prompt (providing specific reasons for the registration failure to help you troubleshoot problems).

    11.5.11Supported authentication without QR code scanning after the authorization server is restarted (subject to version and license validity requirements; for details, see the section "Registering After Restarting the Authorization Server").

    Application Scenarios

    The project is deployed in a Docker container, so it cannot bind the machine instruction code or the MAC address. In this case, local machine information authentication and private cloud authentication are not available.

    FineReport cannot connect to the external network, so public cloud authentication is not available.

    You may need to authorize multiple FineReport projects by one license server, so the local container authentication is not available.

    Functions

    You can use Private Cloud for authentication, which is suitable for containerized deployment projects.

    You need to prepare two environments:

    1. License server: used to upload the image file for starting the private cloud in the Docker container.

    2. Project server: the server where FineReport or Fine BI is located

    Notes

    1. The license server and the project server can share the same server or be deployed separately on two servers. Ensure that they can be connected through the network.

    2. Whether re-authentication via QR code scanning is required after the authorization server is restarted depends on the project version, the acquisition time for the license, and the project configuration type. For details, see the section "Registering After Restarting the Authorization Server."

    3. In FineReport 11.0.18 and later versions, the registration failure time and reasons will be displayed in a table in System Management > Registration Management > Version Information > Registration Information to help you troubleshoot problems.

    iconNote: In a cluster environment, the failure reasons may vary in different nodes, and the failure reasons for each node will be displayed.

    Registration Procedures

    Getting the License File

    Use the email account required in the contract to send registration information to the FineReport business team ( business@fanruan.com). The format of the email is as follows.

    After confirmation, FanRuan will generate the fanruan_license_server.tar image file of the license server and send it to you via email.

    iconNote:
    If there are any problems, describe them in the email.


    List

    Requirement

    Notes

    Contact in advance

    Contact FanRuan sales personnel in advance to confirm and sign the contract.

    /

    Sender

    Use the email account required in the contract.

    FanRuan will not reply to senders other than the required email account.

    Receiver

    business@fanruan.com

    /

    Title

    FineReport License File for Company name

    If your company name is not mentioned in the registration information, the email will not be replied.

    Body

    Basic information

    Company name: Company name

    Project name: Project name

    Contract signing date: YYYY-MM-DD

    /

    Registration method

    Private Cloud AUTH

    /

    Maximum number of registrations

    Number of nodes of a cluster project

    Defaults to 1 if not required.

    You do not need to provide this requirement if you use standalone project deployment.

    Project version

    Specify the minor project version and the JAR package version, which can be found in System Management > Registration Management > Version Information.


    Starting the License Server

    1. Load the fanruan_license_server.tar image file.

    docker load < fanruan_license_server.tar

    2. Check the loaded image file.

    There are arm64 and amd64 packages by default. You can select as needed. Take the amd64 package as an example.

    docker images

    3. Generate the container through the Docker image and map the directory.

    Take mapping /app/config to the D:\William\lic\config directory as an example.

    docker run -v /D/William/lic/config:/app/config -P -d fanruan_license_server_amd64:1.0.0


    iconNote: 

    1. The directory for mapping cannot contain spaces or special characters; otherwise, errors may occur.

    2. When you start the image file, it uses the HTTPS certificate of the container by default. Only localhost and 127.0.0.1 are supported. If you need other IP addresses and domain names, start the directory where the mapping certificate is located and use your certificate.

    3. When -P is used, Docker will bind the container to a random port that has not been used from 49153 to 65353. The host port 49155 in the following text is one of them.

    If you want to use one specific host port, modify -P to -p Host port:Container port in the start command.

    4. The container directory description is shown in the following table. If you need to map multiple directories, add -v between different directories.

    For example, to map /app/config to the D:\William\lic\config directory and /app/log to the D:\William\lic\log directory, the command is docker run -v /D/William/lic/config:/app/config -v /D/William/lic/log:/app/log -P -d fanruan_license_server_amd64:1.0.0.


    Directory

    Description

    Requirements for Mapping

    /app/config

    Directory for generating the privateConfig file

    Mapping is required to prevent errors during the second container startup.

    /app/log

    Log directory

    Optional

    Convenient to obtain logs with mapping.

    /app/tls

    Built-in HTTPS certificate of the container

    Optional

    If not mapped, only connections from localhost and 127.0.0.1 are supported by default when Private Cloud is used for authentication.

    /app/web

    QR code front-end file

    Cannot be mapped.

    Mapping will lead to failure to access the page.

    4. List the information about the container that is running.

    docker ps

    Submitting the Authentication

    The Docker container port 8081 is mapped to the host port 49155. For details, see the Starting the License Server section.

    Access https://172.16.63.131:49155/license/qrcode to scan the QR code for authentication. You need to modify the IP address and port number as needed.

    Scan the generated QR code with the browser of your phone, and you will get a six-digit verification code. Enter the verification code in the system, and click Submit

    iconNote: 

    1. The QR code will expire in five minutes. After five minutes, you need to refresh the QR code manually.

    2. After getting the verification code by scanning the QR code, you are advised to register as soon as possible and not to restart the project before completing the registration.

    3. To prevent brute force cracking and frequent port access, if you have entered incorrect verification codes more than five times, try again 15 minutes later.


    Report Server Verifying the License

    Log in to the decision-making platform as the admin, and choose System Management > Registration Management > Version Information > Register Now.

    Select Private Cloud as AUTH Method. Enter the IP address and listening port of the license server in Server Address, for example, https://172.16.63.131:49155, and click Submit.

    iconNote: Ensure that the report server can access the license server.


    The successful authentication interface is shown in the following figure.

    iconNote: 

    1. Max Connections refers to the maximum number of projects that can apply to the license server for registration simultaneously.

    2. If the authentication fails, check the firewall settings and open the corresponding port or disable the firewall.


    Registration Failure

    In FineReport earlier than V 11.0.18, if the registration fails, there will be a pop-up window: Failed. Please authenticate again.

    FineReport 11.0.18 and later versions optimized the registration failure prompt. If the registration fails, the pop-up window will prompt the specific failure reasons to help you troubleshoot problems.

    Standalone Environment Registration Failure

    If registration fails, there will be a pop-up window prompting the specific failure reasons. Click Details to view the specific reasons or troubleshooting solutions.

    Click Back to return to the registration interface. Registration Failed and Failure Reason are provided in Registration Information. Click View Error Details to see specific reasons and troubleshooting solutions.

    Cluster Environment Registration Failure

    The reasons for registration failure may vary in different nodes. There will be a pop-up window prompting the failure reasons of every node. Click Details to see specific reasons or troubleshooting solutions.

    Click Back to return to the registration interface. Failure reasons of every node are listed in a table in Registration Information. Click View Error Details to see the failure reasons or troubleshooting solutions.

    Failure Reason

    Registration failure reasons are shown in the following table. You can troubleshoot according to the reasons and solutions.

    iconNote:

    1. Reasons other than the following ones will lead to the same error: The certificate content is incorrect.

    2. When there are multiple reasons, only the first one will be displayed.


    Error Code

    Error

    Explanation

    10000

    JSON_PARSER_ERROR

    Incorrect data format

    10001

    PARAM_INPUT_ERROR

    Incorrect parameter

    20000

    DO_NOT_NEED_DEACTIVATE

    This unauthorized machine does not need to be unbound. (This message appears during unbinding. It indicates that the machine does not require unbinding because it is not authorized.)

    30000

    LICENSE_EXPIRED

    Certificate expired

    30001

    REPORT_VERSION_ERROR

    Version mismatch

    30002

    ACCOUNT_STATUS_ERROR

    Abnormal account status 

    30003

    LICENSE_IP_ERROR

    Disallowed IP address

    30004

    LICENSE_DOMAIN_ERROR

    Disallowed domain name

    30005

    LICENSE_APPNAME_ERROR

    Disallowed app name

    30007

    REGISTER_OUT_OF_LIMIT

    The maximum license number has been reached.

    /

    The project server fails to connect to the cloud registration server.

    /

    Registration Migration

    Follow the steps to migrate the license server of projects that have been authenticated with the private cloud.

    Destroying the Original Project License

    Use the email address required in the contract to send an email to FineReport business team: business@fanruan.com.

    The body of the email should contain the IP address of the license server to be migrated. For example, the IP address in the Report Server Verifying the License section.

    FanRuan will destroy the section after confirmation and send an email to inform you.

    iconNote:
    Do not restart the license server to be migrated before receiving a clear response from FanRuan.


    Copying the privateConfig File

    1. Stop the authorization service container to be migrated. The procedure requires a certain level of Docker knowledge.

    2. Obtain the automatically generated privateConfig file in the /app/config directory of the container.

    Getting a New Authorization File

    Use the email address required in the contract to send an email to FineReport business team: business@fanruan.com.

    The format is the same as that in the Getting the License File section. Add the privateConfig file to the email.

    After confirmation, FanRuan will generate the fanruan_license_server.tar image file of the license server and send it to you via email.

    You can start a new license server to register by following the steps in the Registration Procedure section.

    Registering After Restarting the Authorization Server

    Whether re-authentication via QR code scanning is required after the authorization server is restarted depends on the project version, the acquisition time for the image of the authorization server, and the project configuration type.

    If container private cloud authentication is invalid, you do not need to re-upload the image file; you only need to complete the QR code authentication procedure described in the section "Submitting the Authentication" again.

    Project Version and Authorization Acquisition TimeProject Configuration TypeDescription After Restart
    FineReport 11.5.11 and later versions, and the authorization server image is obtained on or after 2026-05-20Cluster project (with the external configuration database, state server, and file server configured)
    • If any two or more of the external configuration database, state server, and file server are changed after a restart, re-registration via QR code scanning is required.

    • If none or only one of the above components is changed after a restart, the pre-restart project state can be obtained, and QR-code authentication is not required.

    Standalone project (with only the external configuration database configured, without a state server or file server)
    • If the external configuration database is changed after a restart, re-registration via QR code scanning is required.

    • If the external configuration database is not changed after a restart, the pre-restart project state can be obtained, and QR-code authentication is not required.

    Standalone project (with only the built-in configuration database configured, without a state server or file server)

    Re-registration via QR code scanning is required after a restart.
    FineReport 11.5.10 and earlier versions, or the authorization server image is obtained on or before 2026-05-19/



    Attachment List


    Theme: Deployment and Integration
    • Helpful
    • Not helpful
    • Only read

    滑鼠選中內容,快速回饋問題

    滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。

    不再提示

    10s後關閉

    Get
    Help
    Online Support
    Professional technical support is provided to quickly help you solve problems.
    Online support is available from 9:00-12:00 and 13:30-17:30 on weekdays.
    Page Feedback
    You can provide suggestions and feedback for the current web page.
    Pre-Sales Consultation
    Business Consultation
    Business: international@fanruan.com
    Support: support@fanruan.com
    Page Feedback
    *Problem Type
    Cannot be empty
    Problem Description
    0/1000
    Cannot be empty

    Submitted successfully

    Network busy