# Advanced setup

## Self Signed Certificates of DevOps platforms <a href="#selfsigned-certificates" id="selfsigned-certificates"></a>

In a ZIP installation, the systems truststore can be found in `$JAVA_HOME/lib/security/cacerts`. In order to add a new certificate to the truststore you can use the following command as an example:

```sh
keytool -importcert -file $PATH_TO_CERTIFICATE -alias $CERTIFICATE_NAME -keystore /$JAVA_HOME/lib/security/cacerts -storepass changeit -trustcacerts -noprompt
```

## Changing SonarQube DNS cache TTL <a href="#dns-cache" id="dns-cache"></a>

When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

```sh
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security" 
```

Please be aware that low values increase the risk of DNS spoofing attacks.

## Adjusting Java executable path <a href="#adjusting-java-exec-path" id="adjusting-java-exec-path"></a>

By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.

It is possible to overwrite the default Java executable by setting the environmental variable `SONAR_JAVA_PATH`.

<details>

<summary>Linux</summary>

```sh
export SONAR_JAVA_PATH="path/to/java_home/bin/java"
```

</details>

<details>

<summary>Windows</summary>

```sh
setx SONAR_JAVA_PATH "C:\Program Files\java_home\bin\java.exe"
```

</details>

## Enabling IPv6 <a href="#enabling-ipv6" id="enabling-ipv6"></a>

On your SonarQube host:

1. Enable IPv6 in the JVM by setting the `JAVA_TOOL_OPTIONS` environment variable to `-Djava.net.preferIPv6Addresses=true`.
2. Enable IPv6 in SonarQube by setting the `sonar.web.javaAdditionalOpts` system property to `-Djava.net.preferIPv6Addresses=true` in the SonarQube configuration file (`<sonarQubeHome>/conf/sonar.properties`).

## Keeping user sessions alive on server restart <a href="#keeping-user-sessions" id="keeping-user-sessions"></a>

To maintain your user sessions accross server restarts:

* Store the JWT token you generated during pre-installation (see [jwt-token](https://docs.sonarsource.com/sonarqube-community-build/server-installation/pre-installation/jwt-token "mention")) in the `sonar.auth.jwtBase64Hs256Secret` system property. See [configuration-methods](https://docs.sonarsource.com/sonarqube-community-build/server-installation/system-properties/configuration-methods "mention").

In case of a Data Center Edition, the same token must be stored on each application node.

## Related pages <a href="#related-pages" id="related-pages"></a>

* [overview](https://docs.sonarsource.com/sonarqube-community-build/server-installation/from-zip-file/overview "mention")
* [basic-installation](https://docs.sonarsource.com/sonarqube-community-build/server-installation/from-zip-file/basic-installation "mention")
* **Configuring network security features:**
  * [securing-behind-proxy](https://docs.sonarsource.com/sonarqube-community-build/server-installation/network-security/securing-behind-proxy "mention")
  * [network-rules](https://docs.sonarsource.com/sonarqube-community-build/server-installation/network-security/network-rules "mention")
* [from-zip-file](https://docs.sonarsource.com/sonarqube-community-build/server-installation/from-zip-file/starting-stopping-server/from-zip-file "mention")
* [running-as-a-service](https://docs.sonarsource.com/sonarqube-community-build/server-installation/from-zip-file/starting-stopping-server/running-as-a-service "mention")
* [configuration-methods](https://docs.sonarsource.com/sonarqube-community-build/server-installation/system-properties/configuration-methods "mention")