Introduction
SonarQube is an open-source web-based platform for code quality analysis based on Java. That is to detect bugs, code smells, and security vulnerabilities. It analyses a wide range of code written in different programming languages, for example, JavaScript, PHP, C#, C/C++, and Java through plugins. It's customizable to test certain aspects of the source code with limits dependent on the expected output. The output is a detailed report that captures all the domains within code quality analysis.
This article guides you on how to install SonarQube on Debian 11.0 server.
Prerequisites
Perform the following steps first:
SSH into the server you deployed.
Step 1. Install Java 11
Update the packages.
$ sudo apt update
Install dependencies.
$ sudo apt install wget unzip curl gnupg2 ca-certificates lsb-release socat -y
Install Java 11.
$ sudo apt-get install openjdk-11-jre -y
Step 2. Install PostgreSQL
Add PostgreSQL repository.
$ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
Add the PostgreSQL signing key.
$ wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
Update the system.
$ sudo apt update
Install PostgreSQL.
$ sudo apt-get install postgresql postgresql-contrib -y
Enable PostgreSQL service to start on system boot.
$ sudo systemctl enable postgresql
Start PostgreSQL service.
$ sudo systemctl start postgresql
Step 3. Create SonarQube Database
Change postgres
default user password.
$ sudo passwd postgres
Log in with user postgres
.
$ su - postgres
Create sonarqube
user.
$ createuser sonarqube
Enter the PostgreSQL interactive shell.
$ psql
Set password for user sonarqube
. Change SecurePassword
with your secure password.
ALTER USER sonarqube WITH ENCRYPTED password 'SecurePassword';
Create database named sonarqube
.
CREATE DATABASE sonarqube OWNER sonarqube;
Grant all the privileges on the sonarqube
database to the sonarqube
user.
GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonarqube;
Exit the PostgreSQL shell.
\q
Return to your non-root account.
$ exit
Step 4. Install and Configure SonarQube
Download the latest version of SonarQube. To find the latest version, visit the download page.
$ wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.2.2.50622.zip
Extract the downloaded archive.
$ sudo unzip sonarqube-9.2.2.50622.zip
Create the installation directory /opt/sonarqube
.
$ sudo mkdir /opt/sonarqube
Move the extracted files into the installation directory.
$ sudo mv sonarqube-*/* /opt/sonarqube
Create a System User account for SonarQube.
$ sudo useradd -M -d /opt/sonarqube/ -r -s /bin/bash sonarqube
Change the ownership of the installation directory.
$ sudo chown -R sonarqube:sonarqube -R /opt/sonarqube
Edit the properties file to update the database credential.
$ sudo nano /opt/sonarqube/conf/sonar.properties
The final file should have the following changes. Save and close the file.
sonar.jdbc.username=sonarqube
sonar.jdbc.password=SecurePassword
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
sonar.web.host=0.0.0.0
Step 5. Add systemd Services
Create a systemd service file.
$ sudo nano /etc/systemd/system/sonarqube.service
Add the bellow code to the file. Save and close the file.
[Unit]
Description=SonarQube Service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
Edit the sonar script file.
$ sudo nano /opt/sonarqube/bin/linux-x86-64/sonar.sh
Find this line. To search for it, use CTRL+W, enter search phrase then press ENTER.
#RUN_AS_USER=
Now uncomment the line and change it. Finally, save and exit the file.
RUN_AS_USER=sonarqube
Reload the system daemon.
$ sudo systemctl daemon-reload
Enable SonarQube service to start on system boot.
$ sudo systemctl enable sonarqube
Start SonarQube service.
$ sudo systemctl start sonarqube
Check the service status.
$ sudo systemctl status sonarqube
Allow SonarQube default port 9000
through the system's firewall.
$ sudo ufw allow 9000/tcp
Step 6. Install and Configure Nginx
Install and configure Nginx as a reverse proxy for SonarQube. This enables you to access the web interface through port 80 instead of port 9000.
Install Nginx.
$ sudo apt-get install nginx -y
Enable Nginx service to start on system boot.
$ sudo systemctl enable nginx
Unlink Nginx default configuration file.
$ sudo unlink /etc/nginx/sites-enabled/default
Create a new Nginx configuration file named sonarqube.conf
.
$ sudo nano /etc/nginx/sites-available/sonarqube.conf
Add the following code to the file. Save and close the file.
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
Enable the new configuration file.
$ sudo ln -s /etc/nginx/sites-available/sonarqube.conf /etc/nginx/sites-enabled/sonarqube.conf
Allow port 80
through the system's firewall.
$ sudo ufw allow 80/tcp
Test Nginx configuration.
$ sudo service nginx configtest
Restart the Nginx service.
$ sudo systemctl restart nginx
Step 7. Change Kernel Limits
Edit the sysctl
configuration file to change some system defaults.
$ sudo nano /etc/sysctl.conf
Add the below code to the file. Then, save and exit the file.
vm.max_map_count=262144
fs.file-max=65536
ulimit -n 65536
ulimit -u 4096
Reload the sysctl
configurations for changes to take effect.
$ sudo sysctl --system
Step 8. Access SonarQube
Go to your browser and go to the URL http://Server_IP/
. For example:
http://192.0.2.11/
Conclusion
You have installed SonarQube on Debian 11.0 server. Login with the default credential with your username as admin and your password as admin. You can now continue and begin creating accounts for code analysis.
More Information
For more information on SonarQube, please visit the official documentation.