# Operating the Server ### Running SonarQube as a service on Windows ### Installing SonarQube as a service When installing SonarQube as a service on Windows, the path to the executable should be quoted to prevent unquoted service path attacks. ```css-79elbk > sc create SonarQube binPath= "\"%SONAR_HOME%\bin\windows-x86-64\wrapper.exe\" -s \"%SONAR_HOME%\conf\wrapper.conf\"" ``` ### Start or stop the service ```css-79elbk > "%SONAR_HOME%\bin\windows-x86-64\StartNTService.bat" > "%SONAR_HOME%\bin\windows-x86-64\StopNTService.bat" ``` **Note:** `> "%SONAR_HOME%\bin\windows-x86-64\StopNTService.bat"` does a graceful shutdown where no new analysis report processing can start, but the tasks in progress are allowed to finish. The time a stop will take depends on the processing time of the tasks in progress. You’ll need to terminate all SonarQube processes manually to force a stop. ### Running SonarQube manually on Linux ### Start or stop the instance ```css-79elbk Start: $SONARQUBE_HOME/bin/linux-x86-64/sonar.sh start Graceful shutdown: $SONARQUBE_HOME/bin/linux-x86-64/sonar.sh stop Hard stop: $SONARQUBE_HOME/bin/linux-x86-64/sonar.sh force-stop ``` {% hint style="info" %} Stop does a graceful shutdown where no new analysis report processing can start, but the tasks in progress are allowed to finish. The time a stop will take depends on the processing time of the tasks in progress. Use force stop for a hard stop. {% endhint %} ### Running SonarQube as a service on Linux with SystemD On a Unix system using SystemD, you can install SonarQube as a service. You cannot run SonarQube as root in Unix systems. Ideally, you will created a new account dedicated to the purpose of running SonarQube. Let’s suppose: * The user used to start the service is `sonarqube` * The group used to start the service is `sonarqube` * The Java Virtual Machine is installed in `/opt/java/` * SonarQube has been unzipped into `/opt/sonarqube/` Then create the file `/etc/systemd/system/sonarqube.service` *based on* the following: ```css-79elbk [Unit] Description=SonarQube service After=syslog.target network.target [Service] Type=simple User=sonarqube Group=sonarqube PermissionsStartOnly=true ExecStart=/bin/nohup /opt/java/bin/java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar /opt/sonarqube/lib/sonar-application-8.5.jar StandardOutput=syslog LimitNOFILE=131072 LimitNPROC=8192 TimeoutStartSec=5 Restart=always SuccessExitStatus=143 [Install] WantedBy=multi-user.target ``` {% hint style="info" %} * Because the sonar-application jar name ends with the version of SonarQube, you will need to adjust the `ExecStart` command accordingly on install and at each upgrade. * \* The SonarQube data directory,`/opt/sonarqube/data`, and the extensions directory, `/opt/sonarqube/extensions` should be owned by the `sonarqube` user. As a good practice, the rest should be owned by `root`. {% endhint %} Once your `sonarqube.service` file is created and properly configured, run: ```css-79elbk sudo systemctl enable sonarqube.service sudo systemctl start sonarqube.service ``` ### Running SonarQube as a service on Linux with initd The following has been tested on Ubuntu 8.10 and CentOS 6.2. Create the file /etc/init.d/sonar with this content: ```css-79elbk #!/bin/sh # # rc file for SonarQube # # chkconfig: 345 96 10 # description: SonarQube system (www.sonarsource.org) # ## BEGIN INIT INFO # Provides: sonar # Required-Start: $network # Required-Stop: $network # Default-Start: 3 4 5 # Default-Stop: 0 1 2 6 # Short-Description: SonarQube system (www.sonarsource.org) # Description: SonarQube system (www.sonarsource.org) ## END INIT INFO /usr/bin/sonar $* ``` Register SonarQube at boot time (RedHat, CentOS, 64 bit): ```css-79elbk sudo ln -s $SONARQUBE_HOME/bin/linux-x86-64/sonar.sh /usr/bin/sonar sudo chmod 755 /etc/init.d/sonar sudo chkconfig --add sonar ``` Once registration is done, run: ```css-79elbk sudo service sonar start ``` ### Securing the server behind a proxy This section helps you configure the SonarQube Server if you want to run it behind a proxy. This can be done for security concerns or to consolidate multiple disparate applications. To run the SonarQube server over HTTPS, see the HTTPS Configuration section below. {% hint style="warning" %} For security reasons, we recommend only giving external access to the main port. {% endhint %} ### Using an Apache proxy We assume that you’ve already installed Apache 2 with module mod\_proxy, that SonarQube is running and available on `http://private_sonar_host:sonar_port/`, and that you want to configure a Virtual Host for `www.public_sonar.com`. At this point, edit the HTTPd configuration file for the `www.public_sonar.com` virtual host. Include the following to expose SonarQube via `mod_proxy` at ```css-79elbk ProxyRequests Off ProxyPreserveHost On ServerName www.public_sonar.com ServerAdmin admin@somecompany.com ProxyPass / http://private_sonar_host:sonar_port/ ProxyPassReverse / http://www.public_sonar.com/ ErrorLog logs/somecompany/sonar/error.log CustomLog logs/somecompany/sonar/access.log common ``` Apache configuration is going to vary based on your own application’s requirements and the way you intend to expose SonarQube to the outside world. If you need more details about Apache HTTPd and mod\_proxy, please see [http://httpd.apache.org](http://httpd.apache.org/). ### Using Nginx We assume that you’ve already installed Nginx, that you are using a Virtual Host for `www.somecompany.com` and that SonarQube is running and available on `http://sonarhost:sonarport/`. At this point, edit the Nginx configuration file. Include the following to expose SonarQube at `http://www.somecompany.com/`: ```css-79elbk # the server directive is Nginx's virtual host directive server { # port to listen on. Can also be set to an IP:PORT listen 80; # sets the domain[s] that this vhost server requests for server_name www.somecompany.com; location / { proxy_pass http://sonarhost:sonarport; } } ``` Nginx configuration will vary based on your own application’s requirements and the way you intend to expose SonarQube to the outside world. If you need more details about Nginx, please see . Note that you may need to increase the max URL length since SonarQube requests can have URLs longer than 2048. ### Using IIS See: Note that the setup described in this blog post is not appropriate for SAML through IIS. ### HTTPS configuration ```css-79elbk # the server directive is Nginx's virtual host directive server { # port to listen on. Can also be set to an IP:PORT listen 443 ssl; ssl_certificate ${path_to_your_certificate_file} ssl_certificate_key ${path_to_your_certificate_key_file} location / { proxy_pass ${address_of_your_sonarqube_instance_behind_proxy} proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto https; } } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-server/8.9/setup-and-upgrade/configure-and-operate-a-server/operating-the-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.