Categories
Technology

Setting up a SonarQube Server in Azure

To get started with using SonarQube in Azure, do the following.

Create a virtual machine with the Standard B2s (~$30/month) size or larger.

SSH into the server and download all pre-reqs:

sudo apt-get update
sudo apt install openjdk-11-jre-headless unzip -y

Create a non-root user:

sudo adduser sonarqube
sudo usermod -aG sudo sonarqube
sudo su - sonarqube

Download and unzip SonarQube (you can get the wget URL from the Downloads page):

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.1.0.31237.zip

sudo unzip sonarqube-8.1.0.31237.zip -d /opt/sonarqube

sudo mv /opt/sonarqube/sonarqube-8.1.0.31237/* /opt/sonarqube

sudo chown -R sonarqube /opt/sonarqube

Then start it using the following as the non-root user:

/opt/sonarqube/bin/linux-x86-64/sonar.sh console

Wait for the text SonarQube is up and then verify access at IP_ADDRESS:9000 (you can log in with admin/admin).

Set Up PostgreSQL

Next step is setting up a dedicated database – we will use PostgreSQL to accomplish this.

Install PostgreSQL:

sudo apt-get install postgresql -y

And connect into the server instance and run the following commands:

sudo -u postgres psql postgres

CREATE USER sonarqube WITH PASSWORD 'YOUR_PASSWORD'; CREATE ROLE
CREATE DATABASE sonarqube;
GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonarqube;

Now modify /opt/sonarqube/conf/sonar.properties:

sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
sonar.jdbc.username=sonarqube
sonar.jdbc.password=mypassword

Add the following line to /etc/sysctl.conf:

vm.max_map_count=262144

To finish, restart the server, start up SonarQube again and verify that it can start up successfully, alongside having the “embedded DB” warning removed from the login screen.

Set to Run As A Service On VM Start

Next, we’ll set up the ability to start SonarQube on VM start by running SonarQube as a service.

Add the following file /etc/systemd/system/sonarqube.service:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=simple
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/usr/bin/nohup /usr/bin/java -Xms32m -Xmx32m -Djava.net.preferIPv4Stack=true -jar /opt/sonarqube/lib/sonar-application-8.1.0.31237.jar
StandardOutput=syslog
LimitNOFILE=65536
LimitNPROC=8192
TimeoutStartSec=5
Restart=always
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Then enable and start the service:

sudo systemctl enable sonarqube.service
sudo systemctl start sonarqube.service

Confirm by restarting the server and checking that SonarQube is running.

Setting up Reverse Proxy and HTTPS with Let’s Encrypt

Next step is setting up HTTPS, in this case we’ll use Let’s Encrypt for the certificate. To serve the correct ports, we’ll set up Apache and serve it as a proxy to the built-in Tomcat server that SonarQube provides.

When looking to configure Apache, set up the pre-reqs:

sudo apt install apache2 -y
sudo a2enmod proxy_http proxy_ajp rewrite deflate headers proxy_balancer proxy_connect proxy_html ssl lbmethod_byrequests slotmem_shm proxy

Add these lines to /etc/apache2/sites-enabled/000-default.conf:

ProxyPass / "http://localhost:9000/"
ProxyPassReverse / "http://localhost:9000/"

Restart Apache:

sudo systemctl restart apache2

And check that you can access SonarQube using port 80 (HTTP).

Once port 80 is accessible, you can follow the Certbot steps to enable HTTPS.

Next Steps

Leave a Reply

Your email address will not be published. Required fields are marked *