Developer and Enterprise Edition's advanced installation
This section explains how to:
- Change the web server connection parameters
- Modify the default configuration of the server installation
You can also:
- In case of a ZIP installation: run SonarQube Server as a service on Windows or Linux.
- Run SonarQube Server behind a proxy
- Monitor and adjust Java process memory
- Install a plugin.
Changing the web server connection parameters
To set up the web server connection:
- For a server installation from the ZIP file: Verify and change if necessary the following properties in the SonarQube Server configuration file (
<sonarqubeHome>/conf/sonar.properties). - For a server installation from the Docker image: Verify and change if necessary the following environment variables.
| Property (ZIP installation) | Environment variable (Docker installation) | Description |
|---|---|---|
| sonar.web.host | SONAR_WEB_HOST | For servers with more than one IP address, this property specifies which address will be used for listening on the specified ports. Default value: 0.0.0.0 (ports will be used on all IP addresses associated with the server) |
| sonar.web.port | SONAR_WEB_PORT | TCP port for incoming HTTP connections. Default value: 9000 |
| sonar.web.context | SONAR_WEB_CONTEXT | Web context specifying the path at which to serve SonarQube Server. For example, with Example: Default value: empty (root context) |
Modifying the default configuration of a server installation
To modify the default configuration:
- For a server installation from the ZIP file: Change the sonar properties in the SonarQube Server configuration file (
<sonarqubeHome>/conf/sonar.properties). - For a server installation from the Docker image: Change the sonar environment variables.
Self Signed Certificates of DevOps platforms
When running in an environment where the DevOps platform or other related tooling is secured by self-signed certificates, the CA needs to be added to the Java truststore of SonarQube Server.
In a zip installation, the systems truststore can be found in $JAVA_HOME/lib/security/cacerts. In order to add a new certificate to the truststore you can use the following command as an example:
keytool -importcert -file $PATH_TO_CERTIFICATE -alias $CERTIFICATE_NAME -keystore /$JAVA_HOME/lib/security/cacerts -storepass changeit -trustcacerts -nopromptIn our official Docker images, you can find the systems truststore in <JAVA_HOME>/lib/security/cacerts. In order to add new certificates here as well you can:
- Bind mount an existing truststore containing your certificates to
<JAVA_HOME>/lib/security/cacerts.
Example
docker run -d --name sonarqube -v /path/to/your/cacerts.truststore:/opt/java/openjdk/lib/security/cacerts:ro -p 9000:9000 sonarqube - Import your CA certificate the same way as in the zip installation but inside the container.
If you deploy SonarQube Server on Kubernetes using the official Helm Chart, you can create a new secret containing your required certificates and reference this via:
caCerts:
enabled: true
image: adoptopenjdk/openjdk17:alpine
secret: your-secretSonarQube Server DNS cache
When reporting Quality Gate status to DevOps platforms, SonarQube Server uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security" Please be aware that low values increase the risk of DNS spoofing attacks.
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
