🚀 Production-Grade SonarQube Setup Using PostgreSQL and Nginx on Ubuntu 22.04

SonarQube is a powerful open-source platform for continuous code quality inspection. Whether you're tracking bugs, code smells, or security vulnerabilities, it fits seamlessly into any DevOps workflow. In this guide, we’ll walk through deploying a production-ready SonarQube Community Edition using PostgreSQL 15 and Nginx as a reverse proxy on Ubuntu 22.04, secured with Let's Encrypt SSL.

🧰 Prerequisites

• A fresh Ubuntu 22.04 server with:

  • 2vCPU, 4GB RAM, 80GB SSD

  • At least 1 CPU, 2GB RAM, and 30GB disk minimum

• A non-root user with sudo privileges

• A domain name (e.g., sonarqube.example.com)

• Open ports: 80, 443, and 9000

✅ Step 1: Update the System

sudo apt update
sudo apt upgrade -y

☕ Step 2: Install Java (OpenJDK 17)

SonarQube requires Java 11 or 17. We'll go with OpenJDK 17.

sudo apt install openjdk-17-jdk -y
java -version

🐘 Step 3: Install and Configure PostgreSQL 15

Install PostgreSQL:

sudo apt install curl ca-certificates
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list

sudo apt update
sudo apt install postgresql-15 -y

Configure Database and User:

sudo -i -u postgres
createuser sonar
createdb sonar -O sonar
psql

Inside the psql shell:

ALTER USER sonar WITH ENCRYPTED PASSWORD 'your_password';
\q
exit

📦 Step 4: Install SonarQube

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.6.0.109173.zip
unzip sonarqube-25.6.0.109173.zip
sudo mv sonarqube-25.6.0.109173 /opt/sonarqube

Create SonarQube User:

sudo adduser --system --no-create-home --group --disabled-login sonarqube
sudo chown -R sonarqube:sonarqube /opt/sonarqube

⚙️ Step 5: Configure SonarQube

sudo nano /opt/sonarqube/conf/sonar.properties

Uncomment and update the following:

sonar.jdbc.username=sonar
sonar.jdbc.password=your_password
sonar.jdbc.url=jdbc:postgresql://localhost/sonar

🛠️ Step 6: Create a Systemd Service

sudo nano /etc/systemd/system/sonarqube.service

Add the following:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

User=sonarqube
Group=sonarqube
Restart=always

LimitNOFILE=65536
LimitNPROC=4096

[Install]
WantedBy=multi-user.target

Then reload systemd and enable the service:

sudo systemctl daemon-reload
sudo systemctl start sonarqube
sudo systemctl enable sonarqube

🔧 Step 7: Optimize System Settings

File Descriptors:

sudo nano /etc/security/limits.conf

Add:

sonarqube   -   nofile   65536
sonarqube   -   nproc    4096

Virtual Memory:

sudo sysctl -w vm.max_map_count=262144
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

🔥 Step 8: Configure UFW Firewall

sudo ufw allow 9000/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

🌐 Step 9: Install and Configure Nginx

sudo apt install nginx -y

Create config:

sudo nano /etc/nginx/sites-available/sonarqube.example.com

Add:

server {
    listen 80;
    server_name sonarqube.example.com;

    access_log /var/log/nginx/sonarqube.access.log;
    error_log /var/log/nginx/sonarqube.error.log;

    location / {
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable the site and restart Nginx:

sudo ln -s /etc/nginx/sites-available/sonarqube.example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

🔐 Step 10: Secure with HTTPS (Let's Encrypt)

Install Certbot:

sudo apt install certbot python3-certbot-nginx -y

Issue SSL certificate:

sudo certbot --nginx -d sonarqube.example.com

Follow the prompts to auto-configure HTTPS.

✅ Step 11: Access SonarQube

Visit:

https://sonarqube.example.com

Default credentials:

• Username: admin

• Password: admin (you’ll be prompted to change it)

📌 Conclusion

You now have a production-ready SonarQube instance backed by PostgreSQL, fronted by Nginx, and secured with SSL.

🔒 Final Security & Ops Tips:

• Change default admin password immediately

• Regularly back up the SonarQube database

• Monitor logs: /opt/sonarqube/logs/

• Automate startup checks with systemctl status sonarqube