Start Free
Latest | Server installation and setup | Setting system properties | Specific to Data Center Edition

System properties specific to the Data Center Edition

On this page

General Elasticsearch authentication TLS encryption Related pages

SonarQube utilizes system properties during startup, which are not stored in the database. This page lists the configurable system properties that are specific to the Data Center Edition.

General

All nodes

System property :

  • sonar property
  • environment variable


DescriptionRequired
  • sonar.cluster.enabled

Enables the cluster mode. Must be set to true in each node.

Default value: false

yes
  • sonar.cluster.name
  • SONAR_CLUSTER_NAME

The name of the cluster. Required if multiple clusters are present on the same network. For example, this prevents mixing Production and Preproduction clusters. 

Will be the name stored in the Hazelcast cluster and used as the name of the Elasticsearch cluster.

Default value: sonarqube

Where appropriate
  • sonar.cluster.node.name
  • SONAR_CLUSTER_NODE_NAME

The name of the node that is used on Elasticsearch and stored in Hazelcast member attribute (NODE_NAME) for sonar-application.

Default value: sonarqube-<UUID>

yes
  • sonar.cluster.node.type
  • SONAR_CLUSTER_NODE_TYPE

Type of node.

Possible values:

  • application: node hosting the WebServer process.
  • search: node hosting the Elasticsearch process.
yes
Application nodes only

System property :

  • sonar property
  • environment variable  
DescriptionRequired
  • sonar.cluster.hosts
  • SONAR_CLUSTER_HOSTS

Comma-delimited list of all application nodes in the cluster. 

List item format (the same format for all items):

  • Either <nodeIpAddress>1)
  • Or <nodeIpAddress>:<ApplicationPortNumber> 
yes
  • sonar.cluster.node.host
 IP address of the current node used by Hazelcast to communicate with the node.yes
  • sonar.cluster.node.port
  • SONAR_CLUSTER_NODE_PORT

 Port of the current node used by Hazelcast to communicate with the node.

Default value: 9003

yes
  • sonar.cluster.node.web.port
Port of the current node used by Hazelcast to communicate with the WebServer process on the current node.no
  • sonar.cluster.node.ce.port
Port of the current node used by Hazelcast to communicate with the Compute Engine process on the current node. no
  • sonar.cluster.search.hosts
  • SONAR_CLUSTER_SEARCH_HOSTS

Comma-delimited list of search nodes in the cluster. A search node is described through the IP address and port used for search requests.

List item format (the same format for all items): 

  • Either <nodeIpAddress> (if all ports have the sonar.cluster.node.port default value and this value has not been overridden in the current node’s configuration file)
  • Or <nodeIpAddress>:<searchPortNumber>

<nodeIpAddress> can also be set to the service name of the search containers.

yes
  • sonar.auth.jwtBase64Hs256Secret
  • SONAR_AUTH_JWTBASE64HS256SECRET
Required for authentication with multiple web servers. It is used to keep user sessions opened when they are redirected from one web server to another by the load balancer. You must generate a secret for the application nodes (it will be the same for all application nodes).1)yes

1) See Generating a HS256 key encoded with base64.

Search nodes only

System property :

  • sonar property
  • environment variable


DescriptionRequired
  • sonar.cluster.node.search.host
Elasticsearch host of the current node used for HTTP communication between search and application nodes. IP must be accessible to all application nodes.yes
  • sonar.cluster.node.search.port
Elasticsearch port of the current node used for HTTP communication between search and application nodes. Port must be accessible to all application nodes.yes
  • sonar.cluster.es.hosts
  • SONAR_CLUSTER_ES_HOSTS

Comma-delimited list of nodes in the Elasticsearch cluster. A node is described through the IP address and port used for internal communication within the Elasticsearch cluster.

List item format (the same format for all items): 

  • Either <nodeIpAddress> (if all ports have the sonar.cluster.node.port default value and this value has not been overridden in the current node’s configuration file)
  • Or <nodeIpAddress>:<esPortNumber>
yes
  • sonar.cluster.node.es.host
IP address of the current search node used for internal communication within the Elasticsearch cluster. The IP address must be accessible to all other search nodes.yes
  • sonar.cluster.node.es.port
Port of the current search node used for internal communication within the Elasticsearch cluster. The port must be accessible to all other search nodesyes
  • sonar.search.initialStateTimeout

The timeout for the Elasticsearch nodes to elect a primary node. The default value will be fine in most cases, but in a situation where startup is failing because of a timeout, this may need to be adjusted. 

Value format:  <integer><timeunit> 
where <timeunit> possible values are:

  • ms: milliseconds
  • s: seconds
  • m: minutes
  • h: hours
  • d: days
  • w: weeks
no

Elasticsearch authentication

See also Setting up Elasticsearch authentication.

All nodes

System property :

  • sonar property
  • environment variable


Description
  • sonar.cluster.search.password
  • SONAR_CLUSTER_SEARCH_PASSWORD
Password for Elasticsearch built-in user (elastic) which will be used on client side (for an application node) or set in Elasticsearch (for a search node). If provided, it enables authentication, and for a search node, the instance will require additional properties to be set. If this property is set, the same value must be used on all nodes of the cluster (application and search nodes).
Search nodes

System property :

  • sonar property
  • environment variable


Description
  • sonar.cluster.es.ssl.keystore
  • SONAR_CLUSTER_ES_SSL_KEYSTORE

File path to a keystore in PKCS#12 format1). The user running SonarQube must have READ permission to that file. Required if password provided.

Can be the same PKCS#12 container as the SONAR_CLUSTER_ES_SSL_TRUSTSTORE.

  • sonar.cluster.es.ssl.truststore
  • SONAR_CLUSTER_ES_SSL_TRUSTSTORE

File path to a truststore in PKCS#12 format1). The user running SonarQube must have READ permission to that file. Required if password provided.

Can be the same PKCS#12 container as the SONAR_CLUSTER_ES_SSL_KEYSTORE.

  • sonar.cluster.es.ssl.keystorePassword
  • SONAR_CLUSTER_ES_SSL_KEYSTOREPASSWORD
Password to the keystore.
  • sonar.cluster.es.ssl.truststorePassword
  • SONAR_CLUSTER_ES_SSL_TRUSTSTOREPASSWORD
Password to the truststore.

1) When creating the PKCS#12 container, make sure it is created with an algorithm that is readable by Java 17.

TLS encryption

See also Setting up TLS encryption.

All nodes

System property :

  • sonar property
  • environment variable
Description
  • sonar.cluster.es.http.ssl.keystore
  • SONAR_CLUSTER_ES_HTTP_SSL_KEYSTORE
File path to a keystore in PKCS#12 format1). The user running SonarQube must have READ permission to that file. If provided, it enables TLS encryption.
  • sonar.cluster.es.http.ssl.keystorePassword
  • SONAR_CLUSTER_ES_HTTP_SSL_KEYSTOREPASSWORD
Password to the keystore.

Was this page helpful?

© 2008-2025 SonarSource SA. All rights reserved.

Creative Commons License