Start Free
Latest | Server installation and setup | Setting system properties | Common properties

System properties common to all SonarQube editions

On this page

SonarQube utilizes system properties during startup, which are not stored in the database. This page lists the configurable system properties common to all SonarQube Server editions (if not otherwise indicated). Properties specific to the Data Center Edition are listed on this page.

General

Properties

System property :

  • sonar property
  • environment variable  
Description
  • sonar.multi-quality-mode.enabled
  • SONAR_MULTI_QUALITY_MODE_ENABLED

Enables the Multi-Quality Rule (MQR) Mode1) in your instance.

Possible values:true or false.

  • sonar.path.data
  • SONAR_PATH_DATA
Path to the directory used by SonarQube to store persistent data file. The path can be absolute or relative to the SonarQube home directory2).
  • sonar.path.temp
  • SONAR_PATH_TEMP
Path to the directory used by SonarQube to store temporary files. The path can be absolute or relative to the SonarQube home directory2).
  • sonar.notifications.delay
  • SONAR_NOTIFICATIONS_DELAY

Delay in seconds between processing of notification queue. 

Default value:60

  • sonar.telemetry.enable
  • SONAR_TELEMETRY_ENABLE

Enables Telemetry3). By sharing anonymous SonarQube statistics, you help us understand how SonarQube is used so we can improve the product to work even better for you. We don't collect source code or IP addresses. And we don't share the data with anyone else. 

Default value:true

1) See Multi-Quality Rule (MQR) Mode.
2) The SonarQube home directory is: the location where the SonarQbue distribution has been unzipped (for a ZIP installation); the installation directory of SonarQube within your container (for a Docker installation).
3) See Telemetry.
4) See Encrypting sensitive system properties.

Database

General

System property :

  • sonar property
  • environment variable 
Description
  • sonar.jdbc.username
  • SONAR_JDBC_USERNAME
JDBC user name.
  • sonar.jdbc.password
  • SONAR_JDBC_PASSWORD
JDBC user password.
  • sonar.jdbc.url
  • SONAR_JDBC_URL

Database connection string.

Oracle:

  • Default value: jdbc:oracle:thin:@localhost:1521/XE

PostgreSQL:

  • Default value: jdbc:postgresql://localhost/sonarqube
  • By default the schema named public is used. It can be overridden with the parameter currentSchema: jdbc:postgresql://localhost/sonarqube?currentSchema=my_schema

Microsoft SQL Server:

  • Default value: jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true
  • If you're using the Integrated Security, don't use the sonar.jdbc.username and sonar.jdbc.password properties.
  • If you want to use SQL Auth while connecting to MS SQL Server, use the value jdbc:sqlserver://localhost;databaseName=sonar and set the SONAR_JDBC_USERNAME and SONAR_JDBC_PASSWORD appropriately.
  • sonar.embeddeddatabase.port
  • SONAR_EMBEDDEDDATABASE_PORT

H2 embedded database server listening port.

Default value: 9092

Connection pool

System property :

  • sonar property
  • environment variable 
Description
  • sonar.jdbc.maxActive
  • SONAR_JDBC_MAXACTIVE

The maximum number of active connections that can be allocated at the same time, or negative for no limit. The recommended value is 1.2 * max sizes of HTTP pools. For example, if HTTP ports are enabled with default sizes (50, see property sonar.web.http.maxThreads) then sonar.jdbc.maxActive should be 1.2 * 50 = 60.

Default value: 60

  • sonar.jdbc.maxIdle
  • SONAR_JDBC_MAXIDLE

The maximum number of connections that can remain idle in the pool, without extra ones being released, or negative for no limit.

Default value: 5

  • sonar.jdbc.minIdle
  • SONAR_JDBC_MINIDLE

The minimum number of connections that can remain idle in the pool, without extra ones being created, or zero to create none.

Default value: 2

  • sonar.jdbc.maxWait
  • SONAR_JDBC_MAXWAIT

The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception, or <= 0 to wait indefinitely.

Default value: 5000

Web server

JVM options

System property :

  • sonar property
  • environment variable 
Description
  • sonar.web.javaOpts
  • SONAR_WEB_JAVAOPTS
Is used to customize JVM options for the Web server process by overriding all the existing options.
  • sonar.web.javaAdditionalOpts
  • SONAR_WEB_JAVAADDITIONALOPTS

Is used to customize JVM options for the Web server process by adding them to the existing options.

Note: If this variable is used with SONAR_WEB_JAVAOPTS, its content is appended to SONAR_WEB_JAVAOPTS.

Web server connection

System property :

  • sonar property
  • environment variable 
Description
  • sonar.web.host
  • SONAR_WEB_HOST

For servers with more than one IP address, this property specifies which address will be used for listening on the specified ports. 

Default value: 0.0.0.0 (ports will be used on all IP addresses associated with the server)

  • sonar.web.port
  • SONAR_WEB_PORT

TCP port for incoming HTTP connections.

Default value: 9000

  • sonar.web.context
  • SONAR_WEB_CONTEXT

Web context specifying the path at which to serve SonarQube. For example, with sonar.web.port=9000 and sonar.web.context=/sonarqube, you will access the web interface at http://localhost:9000/sonarqube.

Example: /sonarqube (must start with a forward slash)

Default value: empty (root context)

HTTP connections

System property :

  • sonar property
  • environment variable
Description
  • sonar.web.http.maxThreads
  • SONAR_WEB_HTTP_MAXTHREADS

The maximum number of connections that the server will accept and process at any given time. When this number has been reached, the server will not accept any more connections until the number of connections falls below this value. The operating system may still accept connections based on the sonar.web.connections.acceptCount property. 

Default value: 50

  • sonar.web.http.minThreads
  • SONAR_WEB_HTTP_MINTHREADS

The minimum number of threads always kept running. 

Default value: 5

  • sonar.web.http.acceptCount
  • SONAR_WEB_HTTP_ACCEPTCOUNT

The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused. 

Default value: 25

  • sonar.web.http.keepAliveTimeout
  • SONAR_WEB_HTTP_KEEPALIVETIMEOUT

The number of milliseconds this Connector will wait for another HTTP request before closing the connection. Use a value of -1 to indicate no (i.e. infinite) timeout. 

Default value: 60000 (ms)

User sessions

System property :

  • sonar property
  • environment variable 
Description
  • sonar.auth.jwtBase64hs256secret
  • SONAR_AUTH_JWTBASE64HS256SECRET
By default, users are logged out and sessions closed when server is restarted. If you prefer keeping user sessions open, a secret should be defined. Value is HS256 key encoded with base641). It must be unique for each installation of SonarQube.
  • sonar.web.sessionTimeoutInMinutes
  • SONAR_WEB_SESSIONTIMEOUTINMINUTES

Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.

Default value: 4320 (3 days)

Minimum value: 6

Maximum value: 129 600 (90 days)

  • sonar.web.activeSessionTimeoutInMinutes


This property is supported starting in SonarQube Server's Enterprise Edition.

Active session timeout (in minutes). The maximum time a user can remain logged in, regardless of activity. After this time, the session ends automatically even if the user is actively using the system.

Default value: 129 600 (90 days)

Minimum value:15

Maximum value: 129 600 (90 days)

1) See Generating a JWT token.

Authentication to web services

System property :

  • sonar property
  • environment variable  
Description

sonar.web.systemPassCode

SONAR_WEB_SYSTEMPASSCODE

A passcode can be defined to access some web services from monitoring tools without having to use the credentials of a system administrator. Check the Web API documentation to know which web services are supporting this authentication mode. The passcode should be provided in HTTP requests with the header "X-Sonar-Passcode"1).
By default, feature is disabled. 

1) See Authenticating to the Web API in Web API

SSO authentication

Properties

System property :

  • sonar property
  • environment variable
Description
  • sonar.web.sso.enable
  • SONAR_WEB_SSO_ENABLE

Enable authentication using HTTP headers.

Default value: false

  • sonar.web.sso.loginheader
  • SONAR_WEB_SSO_LOGINHEADER

The name of the header to get the user login. Only alphanumeric, '.' and '@' characters are allowed.

Default value: X-Forwarded-Login

  • sonar.web.sso.nameheader
  • SONAR_WEB_SSO_NAMEHEADER
The name of the header to get the user name.
Default value: X-Forwarded-Name
  • sonar.web.sso.emailheader
  • SONAR_WEB_SSO_EMAILHEADER

The name of the header to get the user email (optional)

Default value: X-Forwarded-Email

  • sonar.web.sso.groupsheader
  • SONAR_WEB_SSO_GROUPSHEADER

The name of the header to get the list of user groups, separated by comma (optional). If this property is set, the user will belong to those groups if groups exist in SonarQube. If none of the provided groups exists in SonarQube, the user will only belong to the default group. Note that the default group will always be set.

Default value: X-Forwarded-Groups

  • sonar.web.sso.refreshintervalinminutes
  • SONAR_WEB_SSO_REFRESHINTERVALINMINUTES

The interval used to know when to refresh name, email, and groups. During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.

Default value: 5

LDAP authentication

See also Setting up LDAP authentication.

General

System property:

  • sonar property
  • environment variable
DescriptionRequired
  • sonar.security.realm
  • SONAR_SECURITY_REALM

Enables the LDAP feature. If set to LDAP, authentication against the external sytem is performed. If the external system is not reachable or if the user is not defined in the external system, authentication will be performed against SonarQube's internal database.

Possible value:LDAP

Yes
  • sonar.authenticator.downcase
  • SONAR_AUTHENTICATOR_DOWNCASE

Is intended to be set to true when the backend LDAP system is configured for case-insensitivity (user's input is transformed to lowercase and this value is used as the SonarQube user name). 

Default value: false

No
  • ldap.url
  • LDAP_URL

URL of the LDAP server. If you are using ldaps, you should install the server certificate into the Java truststore.

Example: ldap://localhost:10389

Yes
  • ldap.bindDn
  • LDAP_BINDDN

The username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory.

Example: cn=sonar,ou=users,o=mycompany

No
  • ldap.bindPassword
  • LDAP_BINDPASSWORD

The password of the user to connect with. Leave this blank for anonymous access to the LDAP directory.

Example: secret

No
  • ldap.authentication
  • LDAP_AUTHENTICATION

Possible values: simpleCRAM-MD5DIGEST-MD5GSSAPI. See the tutorial on authentication mechanisms

Possible values: simple (default), CRAM-MD5, DIGEST-MD5, GSSAPI

No
  • ldap.realm
  • LDAP_REALM

See Digest-MD5 AuthenticationCRAM-MD5 Authentication

Example: example.org

No
  • ldap.contextFactoryClass
  • LDAP_CONTEXTFACTORYCLASS

Context factory class.

Default value: com.sun.jndi.ldap.LdapCtxFactory

No
  • ldap.StartTLS
  • LDAP_STARTTLS

Enables the use of StartTLS.

Default value: false

No
  • ldap.followReferrals
  • LDAP_FOLLOWREFERRALS

Follow referrals or not. See Referrals in the JNDI

Default value: true


  • ldap.saslQop

Quality of protection request.

Example: auth

No
  • ldap.saslStrength

Cryptographic protection request.

Example: medium

No
  • ldap.saslMaxbuf
Maximum receive buffer size.No
User mapping

System property:

  • sonar property
  • environment variable
DescriptionRequired
  • ldap.user.baseDn
  • LDAP_USER_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for users.

Example for Active Directory: cn=users,dc=example,dc=org

Yes
  • ldap.user.request
  • LDAP_USER_REQUEST

LDAP user request.

Default value:(&(objectClass=inetOrgPerson)(uid={login}))

Example for Active Directory: (&(objectClass=user)(sAMAccountName={login}))

No
  • ldap.user.realNameAttribute
  • LDAP_USER_REALNAMEATTRIBUTE

Attribute in LDAP defining the user’s real name.

Default value: cn

No
  • ldap.user.emailAttribute
  • LDAP_USER_EMAILATTRIBUTE

Attribute in LDAP defining the user’s email.

Default value: mail

No
Group synchronization

System property:

  • sonar property
  • environment variable
DescriptionRequired
  • ldap.group.baseDn
  • LDAP_GROUP_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for groups.

Example for Active Directory: cn=groups,dc=example,dc=org

No
  • ldap.group.request
  • LDAP_GROUP_REQUEST

LDAP group request.

Default value:(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))

Example for Active Directory: (&(objectClass=group)(member={dn}))

No
  • ldap.group.idAttribute
  • LDAP_GROUP_IDATTRIBUTE

Property used to specifiy the attribute to be used for returning the list of user groups in the compatibility mode.

Default value: cn

No

Compute engine

Properties

System property :

  • sonar property
  • environment variable  
Description
  • sonar.ce.javaOpts
  • SONAR_CE_JAVAOPTS
Is used to customize JVM options for the Compute Engine process by overriding all the existing options.
  • sonar.ce.javaAdditionalOpts
  • SONAR_CE_JAVAADDITIONALOPTS

Is used to customize JVM options for the Compute Engine process by adding them to the existing options.

Note: If this variable is used with SONAR_CE_JAVAOPTS, its content is appended to SONAR_CE_JAVAOPTS.

Elasticsearch

Properties

System property :

  • sonar property
  • environment variable  
Description
  • sonar.search.javaOpts
  • SONAR_SEARCH_JAVAOPTS
Is used to customize JVM options for the Elasticsearch process by overriding all the existing options.
  • sonar.search.javaAdditionalOpts
  • SONAR_SEARCH_JAVAADDITIONALOPTS

Is used to customize JVM options for the Elasticsearch process by adding them to the existing options.

Note: If this variable is used with SONAR_SEARCH_JAVAOPTS, its content is appended to SONAR_SEARCH_JAVAOPTS.

  • sonar.search.port
  • SONAR_SEARCH_PORT

Elasticsearch port. Use 0 to get a free port. As a security precaution, should be blocked by a firewall and not exposed to the Internet.

Default value: 9001

  • sonar.search.host
  • SONAR_SEARCH_HOST
Elasticsearch host. The search server will bind this address and the search client will connect to it. Default is loopback address. As a security precaution, should NOT be set to a publicly available address.

Marketplace (proxy configuration)

If your SonarQube is located behind a proxy, you must configure the proxy parameters listed below to make sure SonarQube Marketplace can connect to the Update Center.

Properties

System property :

  • sonar property
  • environment variable  
Description
  • sonar.updatecenter.activate
  • SONAR_UPDATECENTER_ACTIVATE

Specifies whether the SonarQube's Marketplace automatically searches for plugin updates. 

Default value:true

  • sonar.http.proxyhost
  • HTTP_PROXYHOST
HTTP proxy host.
  • sonar.http.proxyport
  • HTTP_PROXYPORT
HTTP proxy port number.
  • sonar.https.proxyhost
  • HTTPS_PROXYHOST

HTTPS proxy host.

Default value: sonar.http.proxyhost or HTTP_PROXYHOST value, respectively.

  • sonar.https.proxyport
  • HTTPS_PROXYPORT

HTTPS proxy port number.

Default value: sonar.http.proxyport or HTTP_PROXYPORT value, respectively.

  • http.auth.ntlm.domain
  • HTTP_AUTH_NTLM_DOMAIN
NT domain name if NTLM proxy is used.
  • socksProxyHost
  • SOCKSPROXYHOST
SOCKS proxy port number.
  • socksProxyPort
  • SOCKSPROXYPORT
SOCKS proxy host.
  • sonar.http.proxyuser
  • HTTP_PROXYPASSWORD
Proxy authentication (used for HTTP, HTTPS and SOCKS proxies).
  • sonar.http.nonproxyhosts
  • HTTP_NONPROXYHOSTS

List of hosts that can be accessed without going through the proxy.

The list items are separated by the '|' character. The wildcard character '*' can be used for pattern matching used for HTTP and HTTPS.

Note: Localhost and its literal notations (e.g. 127.0.0.1) are always excluded.

Logging

Properties

See also Setting up the server-side logging.

System property :

  • sonar property
  • environment variable  
Description
  • sonar.log.level
  • SONAR_LOG_LEVEL

Global level of logs (applies to all 4 processes).

Possible values:INFO (default), DEBUG, and TRACE.

  • sonar.log.level.<process>
  • SONAR_LOG_LEVEL_<PROCESS>

where <process> can be:

  • app: main process
  • web: Web server process
  • ce: Compute Engine process
  • es: Elasticsearch process

Level of logs for each process. When specified, they overwrite the level defined at the global level. 

Possible values: INFO, DEBUG, and TRACE

  • sonar.path.logs
  • SONAR_PATH_LOGS

Path to log files. Can be absolute or relative to the SonarQube home directory1)

Default value:/logs

  • sonar.log.rollingPolicy
  • SONAR_LOG_ROLLINGPOLICY

Rolling policy of log files (including the access log).

Possible values

  • time:<value>: the rolling policy is based on time.
    Example: by day (time:yyyy-MM-dd) or by month (time:yyyy-MM).
  • size:<value>: the rolling policy is based on size.
    Example: size:10MB
  • none: the rolling policy is disabled. Typically this would be used when logs are handled by an external system like logrotate.

Default value:time:yyyy-MM-dd

  • sonar.log.maxFiles
  • SONAR_LOG_MAXFILES

Maximum number of files to keep if a rolling policy is enabled.

The maximum value is:

  • For a size rolling policy: 20.
  • For a time rolling poilicy: unlimited. 

Set to zero to disable old file purging.

  • sonar.log.jsonOutput
  • SONAR_LOG_JSONOUTPUT

Converts the log output to JSON.

Possible values: true or false.

  • sonar.web.accessLogs.enable
  • SONAR_WEB_ACCESSLOGS_ENABLE
Specifies whether the access log is enabled, i.e. whether HTTP requests received by the server are logged. If enabled, the list of requests is stored in the access.log file. 
  • sonar.web.accessLogs.pattern
  • SONAR_WEB_ACCESSLOGS_PATTERN

If the access log is enabled, format of the access log.

Possible values:

Default value:%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" "%reqAttribute{ID}"

Notes:

  • The login of an authenticated user is implemented with %reqAttribute{LOGIN}.
  • The token name used for requests will be added to the access log if the %reqAttribute{TOKEN_NAME} is added.
  • The SonarQube's HTTP request ID is implemented with %reqAttribute{ID}.

1) The SonarQube home directory is: the location where the SonarQbue distribution has been unzipped (for a ZIP installation); the installation directory of SonarQube within your container (for a Docker installation).

AI features

Properties

System property :

  • sonar property
  • environment variable  
Description
  • sonar.aid.codefix.hidden
  • SONAR_AI_CODEFIX_HIDDEN

Disables the AI CodeFix feature1) completely in SonarQube Server and hides the feature from all users, including System Adminstrators. 

Default value: false

1) See AI CodeFix.


Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved.

Creative Commons License