Advanced setup
Advanced setup when installing SonarQube Server from the Docker image.
Self Signed Certificates of DevOps platforms
In our official Docker images, you can find the systems truststore in <JAVA_HOME>/lib/security/cacerts. In order to add new certificates here as well you can:
Bind mount an existing truststore containing your certificates to
<JAVA_HOME>/lib/security/cacerts.
Import your CA certificate the same way as in the zip installation but inside the container.
Changing SonarQube DNS cache TTL
When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security" Please be aware that low values increase the risk of DNS spoofing attacks.
Adjusting Java executable path
By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.
It is possible to overwrite the default Java executable by setting the environmental variable SONAR_JAVA_PATH.
Enabling IPv6
When you run your Docker container:
Enable IPv6 in the JVM by setting the
JAVA_TOOL_OPTIONSenvironment variable to-Djava.net.preferIPv6Addresses=true.Enable IPv6 in SonarQube by setting the
SONAR_WEB_JAVAADDITIONALOPTSenvironment variable (system property) to-Djava.net.preferIPv6Addresses=true.
See below for instructions depending on the Docker tool used.
IPv6 is not officially supported for the Docker images of the Data Center Edition.
Keeping user sessions alive on server restart
To maintain your user sessions accross server restarts:
Store the JWT token you generated during pre-installation (see Defining a JWT token) in the
SONAR_AUTH_JWTBASE64HS256SECRETsystem property (see Configuration methods).
Related pages
Configuring network security features:
Last updated
Was this helpful?