-
Notifications
You must be signed in to change notification settings - Fork 27
/
Sonarqube_Production_Postgresql
188 lines (130 loc) · 5.22 KB
/
Sonarqube_Production_Postgresql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells,
and security vulnerabilities. This tutorial will guide you through the steps to install and configure SonarQube Community Edition on a Linux system.
A fresh Ubuntu 22.04 dedicated server
A user with sudo privileges
Java 11 or 17 installed (SonarQube requires a specific version of Java)
For this tutorial, we have used cloud server with the configuration of 2 vCPU, 4 GB RAM, 8 GB SSD. It should have at least 2GB of RAM 1 CPU core and 8-30 GB free space.
Step 1: Update the System
First, ensure your system is up-to-date:
$ sudo apt update
$ sudo apt upgrade -y
Step 2: Install Java
SonarQube requires Java 11 or 17. We will install OpenJDK 17.
$ sudo apt install openjdk-17-jdk -y
Verify the installation:
$ java -version
Step 3: Install PostgreSQL
$ sudo apt install curl ca-certificates
$ sudo install -d /usr/share/postgresql-common/pgdg
$ sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
$ sudo sh -c 'echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
Update and install PostgreSQL 15
$ sudo apt update
$ sudo apt install postgresql-15 -y
Now, let's configure PostgreSQL
Switch to the PostgreSQL user
$ sudo -i -u postgres
Create a new user and database for SonarQube:
$ createuser sonar
$ createdb sonar -O sonar
$ psql
Inside the PostgreSQL shell, set a password for the sonar user:
$ ALTER USER sonar WITH ENCRYPTED PASSWORD 'Password';
$ \q
Exit the PostgreSQL user
$ exit
Step 4: Install SonarQube
Try to download the latest version
$ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.5.1.90531.zip
Install Unzip software
$ sudo apt update
$ sudo apt install unzip
Extract the SonarQube package
$ unzip sonarqube-10.5.1.90531.zip
$ sudo mv sonarqube-10.5.1.90531 /opt/sonarqube
Create a SonarQube user
$ sudo adduser --system --no-create-home --group --disabled-login sonarqube
Change ownership of the SonarQube directory
$ sudo chown -R sonarqube:sonarqube /opt/sonarqube
Now, let's configure SonarQube
Edit the SonarQube configuration file
$ sudo vi /opt/sonarqube/conf/sonar.properties
Add the below lines
sonar.jdbc.username=sonar
sonar.jdbc.password=your_password (Add your password)
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
Step 5: Create a Systemd Service File
Create a new service file for SonarQube
$ sudo vi /etc/systemd/system/sonarqube.service
Add the following content
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
Reload the systemd daemon and start SonarQube
$ sudo systemctl daemon-reload
$ sudo systemctl start sonarqube
$ sudo systemctl enable sonarqube
Step 6: File Descriptors
Check the current limit:
$ ulimit -n
It should be at least 65536. To increase it, add the following to /etc/security/limits.conf
$ sudo vi /etc/security/limits.conf
Add the following lines
sonarqube - nofile 65536
sonarqube - nproc 4096
Check and set the virtual memory limit
$ sudo sysctl -w vm.max_map_count=262144
To make this change permanent, add it to /etc/sysctl.conf
$ sudo vi /etc/sysctl.conf
Add the following line
$ vm.max_map_count=262144
Apply the changes
$ sudo sysctl -p
Step 7: Configure Firewall
We need to add ports in firewall
$ ufw allow 9000/tcp
$ ufw allow 80/tcp
$ ufw allow 443/tcp
$ ufw reload
Step 8: Install and Configure Nginx
Install Nginx
$ sudo apt install nginx -y
Create a new Nginx configuration file for SonarQube
$ sudo vi /etc/nginx/sites-available/sonarqube.example.com
Note: Replace sonarqube.example.com with your domain name/public IP
Add the following content
server {
listen 80;
server_name 192.168.90.90;
access_log /var/log/nginx/sonarqube.access.log;
error_log /var/log/nginx/sonarqube.error.log;
location / {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Note: 192.168.90.90 - It's my public IP
Enable the new configuration
$ sudo ln -s /etc/nginx/sites-available/sonarqube.example.com /etc/nginx/sites-enabled/
Test the Nginx configuration and restart Nginx
$ sudo nginx -t
$ sudo systemctl restart nginx
Access Sonarqube from the browser
Open your web browser and go to https://your_domain_or_ip. You should see the SonarQube login page. The default credentials are
Username: admin
Password: admin
Upon first login, you will be prompted to change the default password.