Cantech Knowledge Base

How to Use SonarQube on Ubuntu 22.04 LTS?

Introduction

SonarQube is a powerful tool that lets developers check their code quality and keep their software safe. It detects issues early, before they grow into bigger bugs, and gives you a clear view of your code’s health: security problems, bad practices, and errors.

Moreover, it supports many programming languages. The tool gives detailed reports and shows useful suggestions to fix issues. It guides you to write code in a better way.

SonarQube works in two parts: a scanner that analyzes the code on your computer, and a server that keeps the records. This setup makes it easy to track code health over time.

Furthermore, the dashboard in SonarQube shows you where the code has issues. You can see each file’s status and understand what needs fixing. This tool also allows team collaboration. The whole team can follow one coding standard without much confusion.

SonarQube runs quite smoothly on Ubuntu 22.04 LTS as it is stable and widely trusted by developers. The system handles it well and gives you the support you need for smooth scanning.

However, you need to ensure your system meets some basic requirements to set up SonarQube on Ubuntu 22.04.

What are the Prerequisites?

  • First, you should have a server with at least 2GB RAM and one vCPU core.
  • It is also important to create a non-root user with sudo privileges for security.
  • Further, your server needs to be up to date, and you should have a fully-qualified domain name pointing to your server, like sonarqube.example.com.

Configure Firewall

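Start by configuring the firewall to allow SonarQube to run smoothly. You will need to open port 9000, which SonarQube uses. If you are using a reverse proxy, also open ports 80 and 443 for HTTP and HTTPS traffic. Port 9000 only has to be reachable from outside when clients connect to SonarQube directly; once SonarQube is bound to 127.0.0.1 behind Nginx, as configured later in this guide, that rule is no longer needed. Use these commands to open the necessary ports with the Uncomplicated Firewall (UFW):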

sudo ufw allow http

sudo ufw allow https

sudo ufw allow 9000/tcp

Check the firewall status:

sudo ufw status

Install Java (OpenJDK 11)

SonarQube requires Java to run. Install OpenJDK 11 using the following command:

sudo apt install openjdk-11-jdk

Install PostgreSQL

  • Next, install PostgreSQL, as it is used to store SonarQube’s data. You will first need to add the PostgreSQL repository key:
    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null
  • Set up the PostgreSQL repository.
    sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
    
  • Update repository information.
    sudo apt update
    
  • Install PostgreSQL and additional packages.
    sudo apt install postgresql postgresql-contrib
  • Check the PostgreSQL service status.
    sudo systemctl status postgresql

Configure PostgreSQL

  • Now, let’s configure PostgreSQL. Log in to the PostgreSQL shell.
    sudo -u postgres psql
  • Set up the sonaruser role.
    postgres=# CREATE ROLE sonaruser WITH LOGIN ENCRYPTED PASSWORD 'your_password';
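  • Set up the sonarqube database and make sonaruser its owner. On PostgreSQL 15 and later, a role that only has privileges on the database cannot create tables in the public schema, while the database owner can.
    postgres=# CREATE DATABASE sonarqube OWNER sonaruser;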
  • Provide all permissions on the sonarqube database to sonaruser.
    postgres=# GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonaruser;
  • Close the shell session.
    postgres=# \q
  • Return to your default user account.
    exit

Install SonarQube on Ubuntu 22.04

  • Now, download and install the latest version of SonarQube. First, get the download URL from the official SonarQube page and use it to fetch the archive.
    wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.5.1.80531.zip
  • Extract the SonarQube files from the package.
    unzip -q sonarqube-10.5.1.80531.zip
  • Transfer the files to the /opt/sonarqube folder.
    sudo mv sonarqube-10.5.1.80531 /opt/sonarqube
  • Delete the archive.
    rm sonarqube-10.5.1.80531.zip

Create the SonarQube User

  • Now, create a system user for SonarQube.
    sudo adduser --system --no-create-home --group --disabled-login sonarqube
  • Set SonarQube user ownership for the /opt/sonarqube directory.
    sudo chown -R sonarqube:sonarqube /opt/sonarqube

Configure SonarQube

  • Next, configure SonarQube to connect to the PostgreSQL database and make some performance tweaks. Edit the configuration file:
    sudo nano /opt/sonarqube/conf/sonar.properties
  • Uncomment and add your database credentials:
    sonar.jdbc.username=sonaruser
    sonar.jdbc.password=your_password
    sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
  • You will also need to set SonarQube to listen only to localhost, especially if you are using a reverse proxy like Nginx:
    sonar.web.host=127.0.0.1
  • Save with Ctrl+X and then Y.
  • Finally, increase the virtual memory settings so that Elasticsearch can function:
    sudo nano /etc/sysctl.conf
  • Add these lines to the end:
    vm.max_map_count=524288
    fs.file-max=131072
  • Then, create the file /etc/security/limits.d/99-sonarqube.conf and set the file descriptors and threads:
    sudo nano /etc/security/limits.d/99-sonarqube.conf
  • Add the following:
    sonarqube - nofile 131072
    sonarqube - nproc 8192
  • Save again and reboot the system to apply these changes:
    sudo reboot

Set Up SonarQube as a Service

  • Create a systemd service file to start SonarQube on boot:
    sudo nano /etc/systemd/system/sonarqube.service
  • Here’s a sample configuration:
    [Unit]
    Description=SonarQube service
    After=syslog.target network.target 
    
    [Service] 
    Type=forking 
    
    ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start 
    ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop 
    
    User=sonarqube 
    Group=sonarqube 
    PermissionsStartOnly=true 
    Restart=always 
    
    StandardOutput=syslog 
    LimitNOFILE=65536 
    LimitNPROC=4060 
    TimeoutStartSec=5 
    SuccessExitStatus=143 
    
    [Install] 
    WantedBy=multi-user.target
  • Save the file and enable the service:
    sudo systemctl start sonarqube
    sudo systemctl status sonarqube
    sudo systemctl enable sonarqube
  • Verify if the server is running by checking the following URL.
    curl http://127.0.0.1:9000
  • Text similar to below confirms all is well.
    <script> 
          window.baseUrl = ''; 
          window.serverStatus = 'UP'; 
          window.instance = 'SonarQube'; 
          window.official = true; 
    </script>

Install Nginx for Reverse Proxy

  • If you plan to use Nginx as a reverse proxy, install its dependencies with the following commands:
    sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y
  • Import the Nginx signing key.
    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
  • Run the below command to add the Nginx repository.
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
    http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
  • Update the package repository index.
    sudo apt update
  • Lastly, install Nginx.
    sudo apt install nginx
  • Start the Nginx server.
    sudo systemctl start nginx

Install SSL

For SSL, use Certbot to get a free SSL certificate:

  • Make sure with the below commands that you have the latest snapd version required to install Certbot.
    sudo snap install core
    sudo snap refresh core
  • Install the Certbot package.
    sudo snap install --classic certbot
  • Create a symbolic link pointing Certbot to /usr/bin.
    sudo ln -s /snap/bin/certbot /usr/bin/certbot
    
  • Create the SSL certificate.
    sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m YOUR_EMAIL_ADDRESS -d sonarqube.example.com
  • Test the SSL renewal process with a dry run to confirm functionality.
    sudo certbot renew --dry-run

Configure Nginx for SonarQube

  • Open the Nginx configuration file nginx.conf for editing.
    sudo nano /etc/nginx/nginx.conf
  • Locate the line include /etc/nginx/conf.d/*.conf; and add the code snippet right beneath it.
    server_names_hash_bucket_size 64;

    To save the file, press Ctrl+X and then hit Y.

  • Then, create the SonarQube configuration for Nginx:
    sudo nano /etc/nginx/conf.d/sonar.conf
  • Add the configuration to redirect HTTP to HTTPS and set SSL settings:
    server {
        listen 80;
        server_name sonarqube.example.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name sonarqube.example.com;
        ssl_certificate /etc/letsencrypt/live/sonarqube.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sonarqube.example.com/privkey.pem;

        # proxy_pass is only valid inside a location block
        location / {
            proxy_pass http://127.0.0.1:9000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    To save the file, press Ctrl+X and then hit Y.

  • Validate the Nginx configuration syntax.
    sudo nginx -t
  • Restart the Nginx service.
    sudo systemctl restart nginx

Securing SonarQube

Once logged into SonarQube, change the default password. Create a new user for code scanning. Also, generate an authentication token for the new user and save it for future use. For better security, you can also enable encryption for database passwords and other sensitive data in the configuration file:

  • Open the configuration file:
    sudo nano /opt/sonarqube/conf/sonar.properties
  • Add the path to your secret key file:
    sonar.secretKeyPath=/opt/sonarqube/conf/sonar-secret.txt

    To save the file, press Ctrl+X and then hit Y.

  • Generate a secret key and update the file.
    sudo nano /opt/sonarqube/conf/sonar-secret.txt

    Add your secret key and save changes with Ctrl+X, then press Y.

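  • Make sure to restrict access to it. Changing the owner alone leaves the file readable by other accounts, so also set its mode to 600.
    sudo chown sonarqube:sonarqube /opt/sonarqube/conf/sonar-secret.txt
    sudo chmod 600 /opt/sonarqube/conf/sonar-secret.txt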
  • Finally, restart SonarQube to apply the changes:
    sudo systemctl restart sonarqube
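
The settings in this guide that decide who can reach SonarQube and its secrets can be checked in one pass. The script below is an added example, not part of the original guide or of SonarQube: it reads sonar.properties and reports whether sonar.web.host is bound to loopback, whether the file holding sonar.jdbc.password is accessible to other accounts, and whether the file named by sonar.secretKeyPath is owned by the service user with mode 600. The function names are made up for this example, GNU stat (as shipped with Ubuntu) is assumed, and closing sonar.properties to other accounts goes one step beyond what the guide itself configures.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the SonarQube settings
# configured above. Usage: sudo sh audit.sh /opt/sonarqube/conf [expected-owner]

# Print the last uncommented value of a key in a .properties file.
prop() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# True when file $1 has any of the permission bits in octal mask $2 set.
mode_has() {
  m="$(stat -c '%a' "$1")"
  [ $(( 0$m & $2 )) -ne 0 ]
}

# Prints one line per finding; the return status is the number of findings.
audit_sonar_conf() {
  props="$1/sonar.properties"; owner="${2:-sonarqube}"; findings=0

  # 1. Behind Nginx the web server should bind to loopback only.
  #    An unset sonar.web.host means SonarQube's default of 0.0.0.0.
  host="$(prop 'sonar\.web\.host' "$props")"
  case "$host" in
    127.0.0.1|localhost|::1) ;;
    *) echo "FAIL sonar.web.host=${host:-unset} is not loopback"
       findings=$((findings + 1)) ;;
  esac

  # 2. sonar.properties carries sonar.jdbc.password: no access for "other".
  if mode_has "$props" 007; then
    echo "FAIL $props is accessible to other accounts"
    findings=$((findings + 1))
  fi

  # 3. The secret key file must exist, belong to the service user, be 600.
  key="$(prop 'sonar\.secretKeyPath' "$props")"
  if [ -z "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL secret key file missing (sonar.secretKeyPath=${key:-unset})"
    findings=$((findings + 1))
  elif [ "$(stat -c '%U' "$key")" != "$owner" ] || mode_has "$key" 077; then
    echo "FAIL $key must be owned by $owner with mode 600"
    findings=$((findings + 1))
  fi
  return "$findings"
}

if [ "$#" -gt 0 ]; then audit_sonar_conf "$@"; fi
```

An exit status of 0 means all three checks passed; any other status is the number of findings printed.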

Installing SonarQube’s Code Scanner

  • To start scanning your code, you need to install SonarQube scanner. First, download the scanner:
    wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
  • Decompress the archive.
    sudo unzip sonar-scanner-cli-4.7.0.2747-linux.zip
  • Move the directory to /opt/sonarscanner.
    sudo mv sonar-scanner-4.7.0.2747-linux /opt/sonarscanner
  • Now, configure the scanner by setting the SonarQube server URL:
    sudo nano /opt/sonarscanner/conf/sonar-scanner.properties
  • Set the following:
    sonar.host.url=https://sonarqube.example.com
  • Make the binary executable:
    sudo chmod +x /opt/sonarscanner/bin/sonar-scanner
  • Create a symbolic link for easy access:
    sudo ln -s /opt/sonarscanner/bin/sonar-scanner /usr/local/bin/sonar-scanner

Scanning Example Projects

  • You can test the scanner with SonarQube example projects. First, set up a new folder for testing and navigate to it.
    mkdir ~/sonar-example-test 
    cd ~/sonar-example-test
  • Download the sample project files.
    wget https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip
  • Extract the project files.
    unzip master.zip
  • Move into the example project folder.
    cd sonar-scanning-examples-master/sonarqube-scanner
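  • Now, run the scanner with the authentication token you generated for the scanning user. Note that a token passed on the command line is saved in your shell history and is visible in the process list while the scan runs.
    sonar-scanner -D sonar.login=<YourLoginToken>

    Once the scan finishes, you will see output like the following: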

    INFO: Analysis total time: 20.621 s
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION SUCCESS
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 39.678s
    INFO: Final Memory: 27M/94M
    INFO: ------------------------------------------------------------------------

Scanning Your Own Code

  • Move into your project’s root folder.
    cd ~/myproject
  • Create and open the project configuration file:
    nano sonar-project.properties
  • Set a unique project key for your project in SonarQube.
    # Unique ID for the project
    sonar.projectKey=MyProject:Key1
  • Set your project properties:
    sonar.projectName=First Project
    sonar.projectVersion=1.0
    sonar.projectDescription=My First Project
  • Provide the path to your project files, relative to the directory of the configuration file.
    sonar.sources=src
  • Execute the scanner and include your login token.
    sonar-scanner -D sonar.login=<YourLoginToken>

Conclusion

You have now installed SonarQube and scanned your code for quality issues. For more details and troubleshooting, you can check out SonarQube’s official documentation and community resources.

September 20, 2025