# Advanced setup

## Self Signed Certificates of DevOps platforms <a href="#selfsigned-certificates" id="selfsigned-certificates"></a>

In our official Docker images, you can find the systems truststore in `<JAVA_HOME>/lib/security/cacerts`. In order to add new certificates here as well you can:

* Bind mount an existing truststore containing your certificates to `<JAVA_HOME>/lib/security/cacerts`.

<details>

<summary>Example</summary>

```sh
docker run -d --name sonarqube -v /path/to/your/cacerts.truststore:/opt/java/openjdk/lib/security/cacerts:ro -p 9000:9000 sonarqube 
```

</details>

* Import your CA certificate the same way as in the zip installation but inside the container.

## Changing SonarQube DNS cache TTL <a href="#dns-cache" id="dns-cache"></a>

When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

```sh
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security" 
```

Please be aware that low values increase the risk of DNS spoofing attacks.

## Adjusting Java executable path <a href="#adjusting-java-exec-path" id="adjusting-java-exec-path"></a>

By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.

It is possible to overwrite the default Java executable by setting the environmental variable `SONAR_JAVA_PATH`.

<details>

<summary>Linux</summary>

```sh
export SONAR_JAVA_PATH="path/to/java_home/bin/java"
```

</details>

<details>

<summary>Windows</summary>

```sh
setx SONAR_JAVA_PATH "C:\Program Files\java_home\bin\java.exe"
```

</details>

## Related pages <a href="#related-pages" id="related-pages"></a>

* [installation-overview](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image/installation-overview "mention")
* [prepare-installation](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image/prepare-installation "mention")
* [set-up-and-start-container](https://docs.sonarsource.com/sonarqube-server/server-installation/from-docker-image/set-up-and-start-container "mention")
* **Configuring network security features:**
  * [securing-behind-proxy](https://docs.sonarsource.com/sonarqube-server/server-installation/network-security/securing-behind-proxy "mention")
  * [network-rules](https://docs.sonarsource.com/sonarqube-server/server-installation/network-security/network-rules "mention")