Start Free
SonarQube Community Build | Server installation and setup | Advanced installation

Community Build advanced installation

On this page

Modifying the default configuration of a server installation Self Signed Certificates of DevOps platforms SonarQube Community Build DNS cache

This section explains how to perform various advanced installation steps. 

You can also:

Modifying the default configuration of a server installation

To modify the default configuration:

  • For a server installation from the ZIP file: change the sonar properties in the SonarQube Community Build configuration file (<sonarqubeHome>/conf/sonar.properties).
  • For a server installation from the Docker image: change the sonar environment variables.

See the list of system properties.

Self Signed Certificates of DevOps platforms

When running in an environment where the DevOps platform or other related tooling is secured by self-signed certificates, the CA needs to be added to the Java truststore of SonarQube Community Build.

In a zip installation, the systems truststore can be found in $JAVA_HOME/lib/security/cacerts. In order to add a new certificate to the truststore you can use the following command as an example:

keytool -importcert -file $PATH_TO_CERTIFICATE -alias $CERTIFICATE_NAME -keystore /$JAVA_HOME/lib/security/cacerts -storepass changeit -trustcacerts -noprompt

In our official Docker images, you can find the systems truststore in <JAVA_HOME>/lib/security/cacerts. In order to add new certificates here as well you can:

  • Bind mount an existing truststore containing your certificates to <JAVA_HOME>/lib/security/cacerts.
Example
docker run -d --name sonarqube -v /path/to/your/cacerts.truststore:/opt/java/openjdk/lib/security/cacerts:ro -p 9000:9000 sonarqube
  • Import your CA certificate the same way as in the zip installation but inside the container.

If you deploy SonarQube Community Build on Kubernetes using the official Helm Chart, you can create a new secret containing your required certificates and reference this via:

caCerts:
  enabled: true
  image: adoptopenjdk/openjdk17:alpine
  secret: your-secret

SonarQube Community Build DNS cache

When reporting Quality Gate status to DevOps platforms, SonarQube Community Build uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"

Please be aware that low values increase the risk of DNS spoofing attacks.

Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License