# Advanced setup

## Self Signed Certificates of DevOps platforms <a href="#selfsigned-certificates" id="selfsigned-certificates"></a>

In our official Docker images, you can find the systems truststore in `<JAVA_HOME>/lib/security/cacerts`. In order to add new certificates here as well you can:

* Bind mount an existing truststore containing your certificates to `<JAVA_HOME>/lib/security/cacerts`.

<details>

<summary>Example</summary>

```sh
docker run -d --name sonarqube -v /path/to/your/cacerts.truststore:/opt/java/openjdk/lib/security/cacerts:ro -p 9000:9000 sonarqube 
```

</details>

* Import your CA certificate the same way as in the zip installation but inside the container.

## Changing SonarQube DNS cache TTL <a href="#dns-cache" id="dns-cache"></a>

When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

```sh
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security" 
```

Please be aware that low values increase the risk of DNS spoofing attacks.

## Adjusting Java executable path <a href="#adjusting-java-exec-path" id="adjusting-java-exec-path"></a>

By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.

It is possible to overwrite the default Java executable by setting the environmental variable `SONAR_JAVA_PATH`.

<details>

<summary>Linux</summary>

```sh
export SONAR_JAVA_PATH="path/to/java_home/bin/java"
```

</details>

<details>

<summary>Windows</summary>

```sh
setx SONAR_JAVA_PATH "C:\Program Files\java_home\bin\java.exe"
```

</details>

## Enabling IPv6 <a href="#enabling-ipv6" id="enabling-ipv6"></a>

When you run your Docker container:

* Enable IPv6 in the JVM by setting the `JAVA_TOOL_OPTIONS` environment variable to `-Djava.net.preferIPv6Addresses=true`.
* Enable IPv6 in SonarQube by setting the `SONAR_WEB_JAVAADDITIONALOPTS` environment variable (system property) to `-Djava.net.preferIPv6Addresses=true`.

See below for instructions depending on the Docker tool used.

<details>

<summary>With docker-run</summary>

Set the environment variables in the docker run command as illustrated below.

```sh
docker run -d --name sonarqube \
    -p 9000:9000 \
    -e JAVA_TOOL_OPTIONS="-Djava.net.preferIPv6Addresses=true" \
    -e SONAR_WEB_JAVAADDITIONALOPTS="-Djava.net.preferIPv6Addresses=true" \
    ...  \
    <image_name>
```

For `image_name`, check the tags currently available on the [DockerHub page](https://hub.docker.com/_/sonarqube).

</details>

<details>

<summary>With docker-compose</summary>

Set the environment variables in the `environment` section of the .`yml` file as illustrated below.

```sh
...
environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
      JAVA_TOOL_OPTIONS: ‘-Djava.net.preferIPv6Addresses=true’
      SONAR_WEB_JAVAADDITIONALOPTS: ‘-Djava.net.preferIPv6Addresses=true’

...
```

</details>

{% hint style="warning" %}
IPv6 is not officially supported for the Docker images of the Data Center Edition.
{% endhint %}

## Keeping user sessions alive on server restart <a href="#keeping-user-sessions" id="keeping-user-sessions"></a>

To maintain your user sessions accross server restarts:

* Store the JWT token you generated during pre-installation (see [Defining a JWT token](/sonarqube-server/2025.3/server-installation/pre-installation/jwt-token.md)) in the `SONAR_AUTH_JWTBASE64HS256SECRET` system property (see [Configuration methods](/sonarqube-server/2025.3/server-installation/system-properties/configuration-methods.md)).

## Related pages <a href="#related-pages" id="related-pages"></a>

* [Installation overview](/sonarqube-server/2025.3/server-installation/from-docker-image/installation-overview.md)
* [Basic installation](/sonarqube-server/2025.3/server-installation/from-docker-image/basic-installation.md)
* **Configuring network security features:**
  * [Securing behind a proxy](/sonarqube-server/2025.3/server-installation/network-security/securing-behind-proxy.md)
  * [Network rules](/sonarqube-server/2025.3/server-installation/network-security/network-rules.md)
* [Starting SonarQube container](/sonarqube-server/2025.3/server-installation/from-docker-image/starting-sonarqube-container.md)
* [Configuration methods](/sonarqube-server/2025.3/server-installation/system-properties/configuration-methods.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-server/2025.3/server-installation/from-docker-image/advanced-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.