How to Set up SonarQube on AWS EC2


Intro

Modern application development workflows use many tools to improve code quality. Today's guest is one of them: SonarQube.

SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects.

Why Self-managed and Not Containerized

The first answer is the easy one: self-managed SonarQube is free to use. There is no restriction and no total lines of code measurement, and it is totally free. If you want to use fully managed SonarQube, stop and click here.

The second answer is that I want to keep DevOps tools separate from the company applications. Because of that, I prefer not to run SonarQube in a container environment (K8s, EKS, etc.).

Required Tools

Create Instance  

For simplicity, I'll use aws-cli to create the instance. You can create your instance via AWS Console of course.

aws ec2 run-instances \
    --image-id ami-0d1ddd83282187d18 \
    --instance-type t3a.medium \
    --count 1 \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=webserver,Value=production}]' \
    --key-name KeyPair
💡
ami-0d1ddd83282187d18 : Canonical, Ubuntu, 22.04 LTS
t3a.medium : 2vCPU 4GB Memory
KeyPair : My previously created key-pair name.
You can pass more parameters if you wish. For more detail click here.

Allocate an elastic IP address.

aws ec2 allocate-address

Associate it with ec2.

aws ec2 associate-address --instance-id "your instance id" --allocation-id "your elastic ip id"

The EC2 setup is done. Now you can connect to your instance with the previously provided KeyPair.

SonarQube Installation

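First things first: update, upgrade and install the required tools.

# SonarQube 9.9 requires Java 17; python3-certbot-nginx provides the plugin used by `certbot --nginx`.
sudo apt update && sudo apt upgrade -y && sudo apt install -y unzip nginx certbot python3-certbot-nginx wget openjdk-17-jre-headless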
💡
In this article, I'll not install any database. I assume you are using AWS RDS or a related service. 

Create sonarqube user

sudo adduser --system --no-create-home --group --disabled-login sonarqube

Create a SonarQube directory, download SonarQube, unzip it and change the ownership of the extracted files.

cd /tmp
sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip
unzip sonarqube-9.9.0.65466.zip
sudo mv sonarqube-9.9.0.65466 /opt/sonarqube
sudo chown -R sonarqube:sonarqube /opt/sonarqube

Change database and other required settings in sonar.properties.

sudo nano /opt/sonarqube/conf/sonar.properties

Here are the fields you may want to change.

sonar.jdbc.username=db_username
sonar.jdbc.password=db_password
sonar.jdbc.url=db_url
sonar.web.javaAdditionalOpts=-server
# nginx will handle the connection.
sonar.web.host=127.0.0.1
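
The following check is an added example, not part of the original article. It audits a sonar.properties file for three things tied to the settings above: text after a `#` on a value line (Java .properties files have no inline comments, so it becomes part of the value), a `sonar.web.host` that is not loopback, and a file mode that exposes the clear-text `sonar.jdbc.password`. The function name is hypothetical, and `stat -c` assumes GNU coreutils as on Ubuntu.

```bash
# Added example: audit sonar.properties for the settings discussed above.
# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_sonar_properties() {
    local file="$1" findings=0 line key value host="" mode

    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines, whole-line comments (# or !) and lines without '='.
        case "$line" in ''|'#'*|'!'*) continue ;; esac
        case "$line" in *=*) ;; *) continue ;; esac
        key="${line%%=*}"
        value="${line#*=}"

        # .properties has no inline comments: " #text" stays in the value.
        case "$value" in
            *[[:space:]]'#'*)
                echo "FAIL: $key: text after '#' is read as part of the value"
                findings=$((findings + 1)) ;;
        esac
        if [ "$key" = "sonar.web.host" ]; then host="$value"; fi
    done < "$file"

    # nginx fronts SonarQube, so the web server should bind to loopback only.
    case "$host" in
        127.0.0.1|::1|localhost) ;;
        '') echo "FAIL: sonar.web.host is unset, so the default 0.0.0.0 applies"
            findings=$((findings + 1)) ;;
        *)  echo "FAIL: sonar.web.host='$host' is not a loopback address"
            findings=$((findings + 1)) ;;
    esac

    # sonar.jdbc.password is stored in clear text: "other" needs no access.
    mode="$(stat -c '%a' "$file")"
    case "$mode" in
        *0) ;;
        *)  echo "FAIL: mode $mode grants access to other local users"
            findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_sonar_properties /opt/sonarqube/conf/sonar.properties` with a user that can read the file; `sudo chmod 640` on that file clears the mode finding.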

Create SonarQube service

sudo nano /etc/systemd/system/sonarqube.service

Add the following content to the file which specifies how the SonarQube service will start and stop.

[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
[Install]
WantedBy=multi-user.target

Start the service, check the status and configure the SonarQube service to start automatically on boot.

sudo service sonarqube start
sudo service sonarqube status
sudo systemctl enable sonarqube

Nginx & Certbot Configuration

Configure the proxy.

sudo nano /etc/nginx/sites-enabled/sonarqube

server {
    server_name sonar.yoursite.com;

    location / {
        proxy_pass http://127.0.0.1:9000;
    }
}

At this point, you can check your installation with the previously provided URL "sonar.yoursite.com". Now secure the SonarQube installation with Let's Encrypt.

sudo certbot --nginx -d sonar.yoursite.com
💡
Don't forget to provide a valid e-mail for the certificate.

Certbot will change some lines in your Nginx configuration. At the end of the process, you will have an Nginx configuration as follows.  

server {
    server_name sonar.yoursite.com;

    location / {
        proxy_pass http://127.0.0.1:9000;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sonar.yoursite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sonar.yoursite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = sonar.yoursite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name sonar.yoursite.com;
    return 404; # managed by Certbot


}
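
With nginx terminating TLS, only SSH, 80 and 443 should be reachable on this host, and port 9000 should answer on loopback only. The check below is an added example, not part of the original article: it reads `ss -H -ltn` output and reports any listener bound to a non-loopback address on a port outside an allow-list. The function name and both sample inputs are constructed for illustration.

```bash
# Added example: list listening TCP sockets reachable from off-host on ports
# outside an allow-list. Input is `ss -H -ltn` output on stdin.
unexpected_listeners() {
    local allowed=" $* "          # e.g. " 22 80 443 "
    awk -v allowed="$allowed" '
        {
            addr = $4                          # "Local Address:Port" column
            port = addr
            sub(/.*:/, "", port)               # keep text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Loopback binds (IPv4, IPv6, IPv4-mapped) are not reachable remotely.
            if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
            if (index(allowed, " " port " ") == 0) print port, addr
        }'
}

# Constructed sample: the state this guide aims for (SonarQube on loopback).
SAMPLE_GOOD='LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 25   127.0.0.1:9000    0.0.0.0:*'

# Constructed sample: sonar.web.host not applied, port 9000 on all interfaces.
SAMPLE_BAD='LISTEN 0 128  0.0.0.0:22  0.0.0.0:*
LISTEN 0 25   *:9000      *:*'

printf '%s\n' "$SAMPLE_GOOD" | unexpected_listeners 22 80 443   # prints nothing
printf '%s\n' "$SAMPLE_BAD"  | unexpected_listeners 22 80 443   # prints: 9000 *:9000
```

On the server itself, run `sudo ss -H -ltn | unexpected_listeners 22 80 443`; any output line is a port to close or rebind before relying on the security group alone.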

Result

You now have a fully working SonarQube instance on AWS EC2. In addition to this setup, you may want to configure the "security group" and "data life cycle manager" for your server's safety.

See you next week in my new post.