SonarQube Community Build | Server installation and setup | From Docker image | Advanced setup

Docker installation advanced setup

Self Signed Certificates of DevOps platforms

In our official Docker images, you can find the systems truststore in <JAVA_HOME>/lib/security/cacerts. In order to add new certificates here as well you can:

Bind mount an existing truststore containing your certificates to <JAVA_HOME>/lib/security/cacerts.

Example

docker run -d --name sonarqube -v /path/to/your/cacerts.truststore:/opt/java/openjdk/lib/security/cacerts:ro -p 9000:9000 sonarqube

Import your CA certificate the same way as in the zip installation but inside the container.

Changing SonarQube DNS cache TTL

When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"

Please be aware that low values increase the risk of DNS spoofing attacks.

Adjusting Java executable path

By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.

It is possible to overwrite the default Java executable by setting the environmental variable SONAR_JAVA_PATH.

Linux

export SONAR_JAVA_PATH="path/to/java_home/bin/java"

Windows

setx SONAR_JAVA_PATH "C:\Program Files\java_home\bin\java.exe"

Enabling IPv6

When you run your Docker container:

Enable IPv6 in the JVM by setting the JAVA_TOOL_OPTIONS environment variable to -Djava.net.preferIPv6Addresses=true.
Enable IPv6 in SonarQube by setting the SONAR_WEB_JAVAADDITIONALOPTS environment variable (system property) to -Djava.net.preferIPv6Addresses=true.

See below for instructions depending on the Docker tool used.

With docker-run

Set the environment variables in the docker run command as illustrated below.

docker run -d --name sonarqube \
    -p 9000:9000 \
    -e JAVA_TOOL_OPTIONS="-Djava.net.preferIPv6Addresses=true" \
    -e SONAR_WEB_JAVAADDITIONALOPTS="-Djava.net.preferIPv6Addresses=true" \
    ...  \
    <image_name>

For image_name, check the tags currently available on the DockerHub page.

With docker-compose

Set the environment variables in the environment section of the .yml file as illustrated below.

...
environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
      JAVA_TOOL_OPTIONS: ‘-Djava.net.preferIPv6Addresses=true’
      SONAR_WEB_JAVAADDITIONALOPTS: ‘-Djava.net.preferIPv6Addresses=true’

...

Keeping user sessions alive on server restart

To maintain your user sessions accross server restarts:

Store the JWT token you generated during pre-installation steps in the SONAR_AUTH_JWTBASE64HS256SECRET system property.

Docker installation overview
Docker installation with basic setup
Configuring network security features:
- Securing SonarQube Community Build behind a proxy
- Configuring network rules
Starting SonarQube container
Setting system properties

Was this page helpful?