title: Install the Server
This section describes a single-node SonarQube instance. For details on clustered setup, see Install the Server as a Cluster.
A SonarQube instance comprises three components:
The SonarQube server running the following processes:
The database to store the following:
One or more scanners running on your build or continuous integration servers to analyze projects.
For optimal performance, the SonarQube server and database should be installed on separate hosts, and the server host should be dedicated. The server and database hosts should be located in the same network.
All hosts must be time-synchronized.
Several database engines are supported. Be sure to follow the requirements listed for your database. They are real requirements not recommendations.
Create an empty schema and a sonarqube
user. Grant this sonarqube
user permissions to create
, update
, and delete
objects for this schema.
collapse
| ## Microsoft SQL Server
|
|warning
|| Collation MUST be case-sensitive (CS) and accent-sensitive (AS).
|| READ_COMMITED_SNAPSHOT
MUST be set on the SonarQube database.
|
|MS SQL database’s shared lock strategy may impact SonarQube runtime. Making sure that is_read_committed_snapshot_on
is set to true
to prevent SonarQube from facing potential deadlocks under heavy loads.
|
|Example of query to check is_read_committed_snapshot_on
:
|
|SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name='YourSonarQubeDatabase';
|
|Example of query to update is_read_committed_snapshot_on
:
|
|ALTER DATABASE YourSonarQubeDatabase SET READ_COMMITTED_SNAPSHOT ON WITH ROLLBACK IMMEDIATE;
|
|### Integrated Security
|
|To use integrated security:
|
|1. Download the Microsoft SQL JDBC Driver 9.2.0 package and copy mssql-jdbc_auth-9.2.0.x64.dll
to any folder in your path.
|
|2. If you’re running SonarQube as a Windows service, make sure the Windows account under which the service is running has permission to connect your SQL server. The account should have db_owner
database role membership.
|
| If you’re running the SonarQube server from a command prompt, the user under which the command prompt is running should have db_owner
database role membership.
|
|3. Ensure that sonar.jdbc.username
or sonar.jdbc.password
properties are commented out or SonarQube will use SQL authentication.
|
|
|sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true
|
|
|### SQL Authentication
|
|To use SQL Authentication, use the following connection string. Also ensure that sonar.jdbc.username
and sonar.jdbc.password
are set appropriately:
|
|
|sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar
|sonar.jdbc.username=sonarqube
|sonar.jdbc.password=mypassword
|
collapse | ## Oracle | |If there are two SonarQube schemas on the same Oracle instance, especially if they are for two different versions, SonarQube gets confused and picks the first it finds. To avoid this issue: | |- Either privileges associated to the SonarQube Oracle user should be decreased |- Or a trigger should be defined on the Oracle side to automatically alter the SonarQube Oracle user session when establishing a new connection: | |warning || Oracle JDBC driver versions 12.1.0.1 and 12.1.0.2 have major bugs, and are not recommended for use with the SonarQube (see more details).
collapse
| ## PostgreSQL
|
|If you want to use a custom schema and not the default “public” one, the PostgreSQL search_path
property must be set:
|
|
|ALTER USER mySonarUser SET search_path to mySonarQubeSchema
|
First, check the requirements. Then download and unzip the distribution (do not unzip into a directory starting with a digit).
SonarQube cannot be run as root
on Unix-based systems, so create a dedicated user account for SonarQube if necessary.
$SONARQUBE-HOME (below) refers to the path to the directory where the SonarQube distribution has been unzipped.
Edit $SONARQUBE-HOME/conf/sonar.properties to configure the database settings. Templates are available for every supported database. Just uncomment and configure the template you need and comment out the lines dedicated to H2:
Example for PostgreSQL
sonar.jdbc.username=sonarqube
sonar.jdbc.password=mypassword
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
Drivers for the supported databases (except Oracle) are already provided. Do not replace the provided drivers; they are the only ones supported.
For Oracle, copy the JDBC driver into $SONARQUBE-HOME/extensions/jdbc-driver/oracle.
By default, Elasticsearch data is stored in $SONARQUBE-HOME/data, but this is not recommended for production instances. Instead, you should store this data elsewhere, ideally in a dedicated volume with fast I/O. Beyond maintaining acceptable performance, doing so will also ease the upgrade of SonarQube.
Edit $SONARQUBE-HOME/conf/sonar.properties to configure the following settings:
sonar.path.data=/var/sonarqube/data
sonar.path.temp=/var/sonarqube/temp
The user used to launch SonarQube must have read and write access to those directories.
The default port is “9000” and the context path is “/”. These values can be changed in $SONARQUBE-HOME/conf/sonar.properties:
sonar.web.host=192.168.0.1
sonar.web.port=80
sonar.web.context=/sonarqube
Execute the following script to start the server:
You can now browse SonarQube at http://localhost:9000 (the default System administrator credentials are admin
/admin
).
If there are multiple versions of Java installed on your server, you may need to explicitly define which version of Java is used.
To change the Java JVM used by SonarQube, edit $SONARQUBE-HOME/conf/wrapper.conf and update the following line:
wrapper.java.command=/path/to/my/jdk/bin/java
See your SonarQube version below for instructions on installing the server from a Docker image.
Follow these steps for your first installation:
Creating the following volumes helps prevent the loss of information when updating to a new version or upgrading to a higher edition:
sonarqube_data
– contains data files, such as the embedded H2 database and Elasticsearch indexessonarqube_logs
– contains SonarQube logs about access, web process, CE process, and Elasticsearchsonarqube_extensions
– will contain any plugins you install and the Oracle JDBC driver if necessary.
Create the volumes with the following commands:
$> docker volume create --name sonarqube_data
$> docker volume create --name sonarqube_logs
$> docker volume create --name sonarqube_extensions
warning | Make sure you’re using volumes as shown with the above commands, and not bind mounts. Using bind mounts prevents plugins from populating correctly.
Drivers for supported databases (except Oracle) are already provided. If you’re using an Oracle database, you need to add the JDBC driver to the sonar_extensions
volume. To do this:
a. Start the SonarQube container with the embedded H2 database:
$ docker run --rm \
-p 9000:9000 \
-v sonarqube_extensions:/opt/sonarqube/extensions \
<image_name>
b. Exit once SonarQube has started properly.
c. Copy the Oracle JDBC driver into sonarqube_extensions/jdbc-driver/oracle
.
Run the image with your database properties defined using the -e environment variable flag:
$> docker run -d --name sonarqube \
-p 9000:9000 \
-e SONAR_JDBC_URL=... \
-e SONAR_JDBC_USERNAME=... \
-e SONAR_JDBC_PASSWORD=... \
-v sonarqube_data:/opt/sonarqube/data \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
<image_name>
For more configuration environment variables, see the Docker Environment Variables.
warning
| Use of the environment variables SONARQUBE_JDBC_USERNAME
, SONARQUBE_JDBC_PASSWORD
, and SONARQUBE_JDBC_URL
is deprecated and will stop working in future releases.
If you’re using Docker Compose, use the following example as a reference when configuring your .yml
file. Click the heading below to expand the .yml
file.
collapse
| ## Docker Compose .yml file example
|
|
| version: "3"
|
| services:
| sonarqube:
| image: sonarqube:8-community
| depends_on:
| - db
| environment:
| SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
| SONAR_JDBC_USERNAME: sonar
| SONAR_JDBC_PASSWORD: sonar
| volumes:
| - sonarqube_data:/opt/sonarqube/data
| - sonarqube_extensions:/opt/sonarqube/extensions
| - sonarqube_logs:/opt/sonarqube/logs
| ports:
| - "9000:9000"
| db:
| image: postgres:12
| environment:
| POSTGRES_USER: sonar
| POSTGRES_PASSWORD: sonar
| volumes:
| - postgresql:/var/lib/postgresql
| - postgresql_data:/var/lib/postgresql/data
|
| volumes:
| sonarqube_data:
| sonarqube_extensions:
| sonarqube_logs:
| postgresql:
| postgresql_data:
|
Follow these steps for your first installation:
Create volumes sonarqube_conf
, sonarqube_data
, sonarqube_logs
, and sonarqube_extensions
and start the image with the following command. This will populate all the volumes (copying default plugins, create the Elasticsearch data folder, create the sonar.properties configuration file). Watch the logs, and, once the container is properly started, you can force-exit (ctrl+c) and proceed to the next step.
$ docker run --rm \
-p 9000:9000 \
-v sonarqube_conf:/opt/sonarqube/conf \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
-v sonarqube_data:/opt/sonarqube/data \
<image_name>
Configure sonar.properties if needed. Please note that due to SONAR-12501, providing sonar.jdbc.url
, sonar.jdbc.username
, sonar.jdbc.password
and sonar.web.javaAdditionalOpts
in sonar.properties
is not working, and you will need to explicitly define theses values in the docker run command with the -e
flag.
#Example for PostgreSQL
-e sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
info
| Drivers for supported databases (except Oracle) are already provided. Do not replace the provided drivers; they are the only ones supported. For Oracle, you need to copy the JDBC driver into $SONARQUBE_HOME/extensions/jdbc-driver/oracle
.
Run the image with your JDBC username and password :
$ docker run -d --name sonarqube \
-p 9000:9000 \
-e sonar.jdbc.url=... \
-e sonar.jdbc.username=... \
-e sonar.jdbc.password=... \
-v sonarqube_conf:/opt/sonarqube/conf \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
-v sonarqube_data:/opt/sonarqube/data \
<image_name>
Once your server is installed and running, you may also want to Install Plugins. Then you’re ready to begin Analyzing Source Code.
Double check that settings for proxy are correctly set in $SONARQUBE_HOME/conf/sonar.properties
.
Note that if your proxy username contains a backslash, then it should be escaped - for example username “domain\user” in file should look like:
http.proxyUser=domain\\user
For some proxies, the exception “java.net.ProtocolException: Server redirected too many times” might mean an incorrect username or password has been configured.
SonarQube starts an Elasticsearch process, and the same account that is running SonarQube itself will be used for the Elasticsearch process. Since Elasticsearch cannot be run as root
, that means SonarQube can’t be either. You must choose some other, non-root
account with which to run SonarQube, preferably an account dedicated to the purpose.
If you run SonarQube in an environment with a lot of DNS friction, you should define a DNS cache time to live policy as, by default, SonarQube will hold the DNS cache until it is restarted. You can set this policy to five seconds by doing the following:
echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"
Please be aware that this increases the risk of DNS spoofing attacks.