How to Set up SonarQube on AWS EC2
Intro
In modern application development workflows, we are using many tools for improving code quality. Today's guest is one of them, SonarQube.
SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects.
Why Self-managed and Not Containerized
The first answer is the easy one, self-managed SonarQube is free to use. The is no restriction, no total lines of code measurement and totally free. If you want to use fully managed SonarQube, stop and click here.
The second answer is, I want to split DevOps tools with the company applications. Because of that, I'm not preferred to run SonarQube in a container environment. (K8S, EKS.. etc)
Required Tools
Create Instance
For simplicity, I'll use aws-cli to create the instance. You can create your instance via AWS Console of course.
aws ec2 run-instances \
--image-id ami-0d1ddd83282187d18 \
--instance-type t3a.medium \
--count 1 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=webserver,Value=production}]'
--key-name KeyPair
t3a.medium : 2vCPU 4GB Memory
KeyPair : My previously created key-pair name.
You can pass more parameters if you wish. For more detail click here.
Allocate an elastic IP address.
aws ec2 allocate-address
Associate it with ec2.
aws ec2 associate-address --instance-id "your instance id" --allocation-id "your elastic ip id"
The Ec2 setup is done. Now you can connect your instance via the previously provided KeyPair.
SonarQube Installation
First thing first, update, upgrade and install the required tools.
sudo apt update && sudo apt upgrade -y && sudo apt-get install unzip nginx certbot wget -y
Create sonarqube user
sudo adduser --system --no-create-home --group --disabled-login sonarqube
Create a SonarQube directory, download SonarQube, unzip and change the permission of the extracted files.
cd /tmp
sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip
unzip sonarqube-9.9.0.65466.zip
sudo mv sonarqube-9.9.0.65466 /opt/sonarqube
$ sudo chown -R sonarqube:sonarqube /opt/sonarqube
Change database and other required settings in sonar.properties.
sudo nano /opt/sonarqube/conf/sonar.properties
Here is the fields, you may want to change
sonar.jdbc.username=db_username
sonar.jdbc.password=db_password
sonar.jdbc.url=db_url
sonar.web.javaAdditionalOpts=-server
sonar.web.host=127.0.0.1 #nginx will handle the connection.
Create SonarQube service
sudo nano /etc/systemd/system/sonarqube.service
Add the following content to the file which specifies how the SonarQube service will start and stop.
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
[Install]
WantedBy=multi-user.target
Start the service, check the status and configure the SonarQube service to start automatically on boot.
sudo service sonarqube start
sudo service sonarqube status
sudo systemctl enable sonarqube
Nginx & Certbot Configuration
Configure the proxy.
sudo nano /etc/nginx/sites-enabled/sonarqube
server {
server_name sonar.yoursite.com;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
At this point, you can check your installation with the previously provided URL "sonar.yoursite.com". Now secure the SonarQube installation with Let's Encrypt.
sudo certbot --nginx -d sonarqube.yoursite.com
Certbot will change some lines in your Nginx configuration. At the end of the process, you will have an Nginx configuration as follows.
server {
server_name sonar.yoursite.com;
location / {
proxy_pass http://127.0.0.1:9000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sonar.yoursite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sonar.yoursite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sonar.yoursite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sonar.yoursite.com;
return 404; # managed by Certbot
}
Result
You have a fully working SonarQube instance on AWS EC2. In addition to setup, you may want to configure the "security group" and "data life cycle manager" for your server safety.
See you next week in my new post.