๐Ÿš€ Production-Grade SonarQube Setup Using PostgreSQL and Nginx on Ubuntu 22.04

Nishank KoulNishank Koul
3 min read

SonarQube is a powerful open-source platform for continuous code quality inspection. Whether you're tracking bugs, code smells, or security vulnerabilities, it fits seamlessly into any DevOps workflow. In this guide, weโ€™ll walk through deploying a production-ready SonarQube Community Edition using PostgreSQL 15 and Nginx as a reverse proxy on Ubuntu 22.04, secured with Let's Encrypt SSL.

๐Ÿงฐ Prerequisites

  • A fresh Ubuntu 22.04 server with:

    • 2vCPU, 4GB RAM, 80GB SSD

    • At least 1 CPU, 2GB RAM, and 30GB disk minimum

  • A non-root user with sudo privileges

  • A domain name (e.g., sonarqube.example.com)

  • Open ports: 80, 443, and 9000

โœ… Step 1: Update the System

sudo apt update
sudo apt upgrade -y

โ˜• Step 2: Install Java (OpenJDK 17)

SonarQube requires Java 11 or 17. We'll go with OpenJDK 17.

sudo apt install openjdk-17-jdk -y
java -version

๐Ÿ˜ Step 3: Install and Configure PostgreSQL 15

Install PostgreSQL:

sudo apt install curl ca-certificates
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list

sudo apt update
sudo apt install postgresql-15 -y

Configure Database and User:

sudo -i -u postgres
createuser sonar
createdb sonar -O sonar
psql

Inside the psql shell:

ALTER USER sonar WITH ENCRYPTED PASSWORD 'your_password';
\q
exit

๐Ÿ“ฆ Step 4: Install SonarQube

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.6.0.109173.zip
unzip sonarqube-25.6.0.109173.zip
sudo mv sonarqube-25.6.0.109173 /opt/sonarqube

Create SonarQube User:

sudo adduser --system --no-create-home --group --disabled-login sonarqube
sudo chown -R sonarqube:sonarqube /opt/sonarqube

โš™๏ธ Step 5: Configure SonarQube

sudo nano /opt/sonarqube/conf/sonar.properties

Uncomment and update the following:

sonar.jdbc.username=sonar
sonar.jdbc.password=your_password
sonar.jdbc.url=jdbc:postgresql://localhost/sonar

๐Ÿ› ๏ธ Step 6: Create a Systemd Service

sudo nano /etc/systemd/system/sonarqube.service

Add the following:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

User=sonarqube
Group=sonarqube
Restart=always

LimitNOFILE=65536
LimitNPROC=4096

[Install]
WantedBy=multi-user.target

Then reload systemd and enable the service:

sudo systemctl daemon-reload
sudo systemctl start sonarqube
sudo systemctl enable sonarqube

๐Ÿ”ง Step 7: Optimize System Settings

File Descriptors:

sudo nano /etc/security/limits.conf

Add:

sonarqube   -   nofile   65536
sonarqube   -   nproc    4096

Virtual Memory:

sudo sysctl -w vm.max_map_count=262144
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

๐Ÿ”ฅ Step 8: Configure UFW Firewall

sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

๐ŸŒ Step 9: Install and Configure Nginx

sudo apt install nginx -y

Create config:

sudo nano /etc/nginx/sites-available/sonarqube.example.com

Add:

server {
    listen 80;
    server_name sonarqube.example.com;

    access_log /var/log/nginx/sonarqube.access.log;
    error_log /var/log/nginx/sonarqube.error.log;

    location / {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the site and restart Nginx:

sudo ln -s /etc/nginx/sites-available/sonarqube.example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

๐Ÿ” Step 10: Secure with HTTPS (Let's Encrypt)

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

Issue SSL certificate:

sudo certbot --nginx -d sonarqube.example.com

Follow the prompts to auto-configure HTTPS.

โœ… Step 11: Access SonarQube

Visit:

https://sonarqube.example.com

Default credentials:

  • Username: admin

  • Password: admin (youโ€™ll be prompted to change it)

๐Ÿ“Œ Conclusion

You now have a production-ready SonarQube instance backed by PostgreSQL, fronted by Nginx, and secured with SSL.

๐Ÿ”’ Final Security & Ops Tips:

  • Change default admin password immediately

  • Regularly back up the SonarQube database

  • Monitor logs: /opt/sonarqube/logs/

  • Automate startup checks with systemctl status sonarqube

0
Subscribe to my newsletter

Read articles from Nishank Koul directly inside your inbox. Subscribe to the newsletter, and don't miss out.

sonarqubenginxSASTSecuritysecurity testing PostgreSQL

Written by

Nishank Koul
Nishank Koul