Introduction
SonarQube is an open-source web-based platform for code quality analysis based on Java. That is to detect bugs, code smells, and security vulnerabilities. It analyses a wide range of code written in different programming languages, for example, JavaScript, PHP, C#, C/C++, and Java through plugins. It's customizable to test certain aspects of the source code with limits dependent on the expected output. The output is a detailed report that captures all the domains within code quality analysis.
This article guides you on how to install SonarQube on Debian 11.0 server.
Prerequisites
Perform the following steps first:
- Deploy a Vultr Debian 11.0 Server.
- SSH into the server you deployed.
- Update the server.
- Create a non-root user with sudo access.
Step 1. Install Java 11
Update the packages.
$ sudo apt updateInstall dependencies.
$ sudo apt install wget unzip curl gnupg2 ca-certificates lsb-release socat -yInstall Java 11.
$ sudo apt-get install openjdk-11-jre -yStep 2. Install PostgreSQL
Add PostgreSQL repository.
$ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'Add the PostgreSQL signing key.
$ wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -Update the system.
$ sudo apt updateInstall PostgreSQL.
$ sudo apt-get install postgresql postgresql-contrib -yEnable PostgreSQL service to start on system boot.
$ sudo systemctl enable postgresqlStart PostgreSQL service.
$ sudo systemctl start postgresqlStep 3. Create SonarQube Database
Change postgres default user password.
$ sudo passwd postgresLog in with user postgres.
$ su - postgresCreate sonarqube user.
$ createuser sonarqubeEnter the PostgreSQL interactive shell.
$ psqlSet password for user sonarqube. Change SecurePassword with your secure password.
ALTER USER sonarqube WITH ENCRYPTED password 'SecurePassword';Create database named sonarqube.
CREATE DATABASE sonarqube OWNER sonarqube;Grant all the privileges on the sonarqube database to the sonarqube user.
GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonarqube;Exit the PostgreSQL shell.
\qReturn to your non-root account.
$ exitStep 4. Install and Configure SonarQube
Download the latest version of SonarQube. To find the latest version, visit the download page.
$ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.2.2.50622.zipExtract the downloaded archive.
$ sudo unzip sonarqube-9.2.2.50622.zipCreate the installation directory /opt/sonarqube.
$ sudo mkdir /opt/sonarqubeMove the extracted files into the installation directory.
$ sudo mv sonarqube-*/* /opt/sonarqubeCreate a System User account for SonarQube.
$ sudo useradd -M -d /opt/sonarqube/ -r -s /bin/bash sonarqubeChange the ownership of the installation directory.
$ sudo chown -R sonarqube:sonarqube -R /opt/sonarqubeEdit the properties file to update the database credential.
$ sudo nano /opt/sonarqube/conf/sonar.propertiesThe final file should have the following changes. Save and close the file.
sonar.jdbc.username=sonarqube
sonar.jdbc.password=SecurePassword
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
sonar.web.host=0.0.0.0Step 5. Add systemd Services
Create a systemd service file.
$ sudo nano /etc/systemd/system/sonarqube.serviceAdd the bellow code to the file. Save and close the file.
[Unit]
Description=SonarQube Service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.targetEdit the sonar script file.
$ sudo nano /opt/sonarqube/bin/linux-x86-64/sonar.shFind this line. To search for it, use Control+W, enter search phrase then press Enter.
#RUN_AS_USER=Now uncomment the line and change it. Finally, save and exit the file.
RUN_AS_USER=sonarqubeReload the system daemon.
$ sudo systemctl daemon-reloadEnable SonarQube service to start on system boot.
$ sudo systemctl enable sonarqubeStart SonarQube service.
$ sudo systemctl start sonarqubeCheck the service status.
$ sudo systemctl status sonarqubeAllow SonarQube default port 9000 through the system's firewall.
$ sudo ufw allow 9000/tcpStep 6. Install and Configure Nginx
Install and configure Nginx as a reverse proxy for SonarQube. This enables you to access the web interface through port 80 instead of port 9000.
Install Nginx.
$ sudo apt-get install nginx -yEnable Nginx service to start on system boot.
$ sudo systemctl enable nginxUnlink Nginx default configuration file.
$ sudo unlink /etc/nginx/sites-enabled/defaultCreate a new Nginx configuration file named sonarqube.conf.
$ sudo nano /etc/nginx/sites-available/sonarqube.confAdd the following code to the file. Save and close the file.
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://127.0.0.1:9000;
}
}Enable the new configuration file.
$ sudo ln -s /etc/nginx/sites-available/sonarqube.conf /etc/nginx/sites-enabled/sonarqube.confAllow port 80 through the system's firewall.
$ sudo ufw allow 80/tcpTest Nginx configuration.
$ sudo service nginx configtestRestart the Nginx service.
$ sudo systemctl restart nginxStep 7. Change Kernel Limits
Edit the sysctl configuration file to change some system defaults.
$ sudo nano /etc/sysctl.confAdd the below code to the file. Then, save and exit the file.
vm.max_map_count=262144
fs.file-max=65536
ulimit -n 65536
ulimit -u 4096Reload the sysctl configurations for changes to take effect.
$ sudo sysctl --systemStep 8. Access SonarQube
Go to your browser and go to the URL http://Server_IP/. For example:
http://192.0.2.11/Conclusion
You have installed SonarQube on Debian 11.0 server. Login with the default credential with your username as admin and your password as admin. You can now continue and begin creating accounts for code analysis.
More Information
For more information on SonarQube, please visit the official documentation.