Install SonarQube on Rocky Linux

This guide explains how to install and configure SonarQube on a Rocky Linux 9 server. SonarQube is an open-source static code analysis platform: it detects bugs, code smells, and security vulnerabilities, supports many programming languages, and automates code reviews to maintain high quality. SonarQube is Java-based and can be deployed on various Linux distributions (including Rocky Linux) or in containers (Docker, Kubernetes).

The deployment described here uses OpenJDK 17, PostgreSQL as the database, Apache as a reverse proxy, and Let's Encrypt for HTTPS.

Order a Server

To host your SonarQube instance, HostMyServers offers several suitable options:

Performance VPS - Ideal for small projects
NVMe VPS - Excellent value for money
Eco Dedicated Servers - For many projects or heavy analysis
Performance Dedicated Servers - Maximum performance

Prerequisites

SSH access as root or user with sudo
Rocky Linux 9 64-bit system
At least 4 GB RAM (SonarQube and Elasticsearch are memory-intensive)
A domain name (e.g. sonarqube.yourdomain.com) with an A record pointing to the server IP
Ports 80 (HTTP) and 443 (HTTPS) accessible

Required Configuration

Component	Minimum	Recommended
RAM	4 GB	8 GB
CPU	2 cores	4 cores
Storage	10 GB	20 GB
Network	100 Mbps	1 Gbps

Default port

SonarQube listens on port 9000 locally. Apache reverse-proxies to this port; public access is over HTTP/HTTPS on 80/443.

Connect to the Server

Connect via SSH to your Rocky Linux server:

ssh user@server_ip_address

System Update

Update packages before starting:

sudo dnf update -y

Install OpenJDK 17

SonarQube requires a JRE/JDK. SonarQube LTA (long-term active) 2025 requires Java 17 or 21. We use OpenJDK 17.

sudo dnf install -y java-17-openjdk java-17-openjdk-devel

Verify the installed version:

java -version

You should see a line like: openjdk version "17.x.x". If an older version is active, select Java 17 with: sudo alternatives --config java.

Create SonarQube User

SonarQube uses Elasticsearch for search and indexing; it must run as a non-root user. Create a dedicated system user:

sudo useradd --system sonarqube

PostgreSQL Database for SonarQube

SonarQube supports several database engines. We use PostgreSQL.

Install and initialize PostgreSQL

sudo dnf install -y postgresql-server postgresql-contrib
sudo postgresql-setup --initdb
sudo systemctl enable postgresql
sudo systemctl start postgresql

Create database and user

Connect to PostgreSQL as user postgres:

sudo -i -u postgres psql

In the PostgreSQL console, run (replace YOUR_PASSWORD with a strong password):

\password postgres
CREATE DATABASE sonardb;
CREATE USER sonaruser WITH ENCRYPTED PASSWORD 'YOUR_PASSWORD';
GRANT ALL PRIVILEGES ON DATABASE sonardb TO sonaruser;
\q

Enable password authentication (pg_hba.conf)

Edit the authentication configuration file:

sudo nano /var/lib/pgsql/data/pg_hba.conf

For local and TCP connections, use trust for "local" and md5 for "host" (e.g. 127.0.0.1/32 and ::1/128). Example:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

Restart PostgreSQL:

sudo systemctl restart postgresql

Install SonarQube

SonarQube is not in the default DNF repositories. Download the archive from the official site.

Download and extract SonarQube

Check the SonarQube downloads page for the latest LTA version. Example with version 25.x (adjust the URL and folder name if needed):

sudo dnf install -y unzip
sudo mkdir -p /opt/sonarqube
cd /tmp
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-25.1.0.102122.zip
unzip sonarqube-25.1.0.102122.zip
sudo mv sonarqube-25.1.0.102122/* /opt/sonarqube

Version

Replace sonarqube-25.1.0.102122 with the exact name of the extracted folder for the version you downloaded.

Install SonarScanner CLI (optional but useful)

SonarScanner lets you analyze projects from the command line. Download the latest version from SonarScanner CLI.

sudo mkdir -p /opt/sonarscanner
cd /tmp
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.0.2.4839-linux-x64.zip
unzip sonar-scanner-cli-7.0.2.4839-linux-x64.zip
sudo mv sonar-scanner-7.0.2.4839-linux-x64/* /opt/sonarscanner

Configure the SonarQube server URL (for local analysis):

sudo nano /opt/sonarscanner/conf/sonar-scanner.properties

Add or set: sonar.host.url=http://127.0.0.1

Make the executable available system-wide:

sudo chmod +x /opt/sonarscanner/bin/sonar-scanner
sudo ln -sf /opt/sonarscanner/bin/sonar-scanner /usr/local/bin/sonar-scanner

Verify: sonar-scanner -v

Configure SonarQube

sonar.properties file

Edit the main SonarQube configuration:

sudo nano /opt/sonarqube/conf/sonar.properties

At the end of the file, add (replace YOUR_PASSWORD with the PostgreSQL user sonaruser password):

sonar.jdbc.username=sonaruser
sonar.jdbc.password=YOUR_PASSWORD
sonar.jdbc.url=jdbc:postgresql://localhost/sonardb
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.javaOpts=-Xmx512m -Xms256m -XX:+HeapDumpOnOutOfMemoryError
sonar.search.javaOpts=-Xmx1g -Xms1g -XX:MaxDirectMemorySize=512m -XX:+HeapDumpOnOutOfMemoryError
sonar.path.data=data
sonar.path.temp=temp

Parameter	Description
`sonar.jdbc.*`	PostgreSQL connection
`sonar.web.host`	Listen on all interfaces (0.0.0.0)
`sonar.web.port`	Web interface port (9000)
`sonar.web.javaOpts`	JVM options for web server
`sonar.search.javaOpts`	JVM options for Elasticsearch (search engine)
`sonar.path.data` / `sonar.path.temp`	Data and temp directories

Permissions and system limits

Give ownership of the SonarQube directory to user sonarqube:

sudo chown -R sonarqube:sonarqube /opt/sonarqube
sudo chmod -R 775 /opt/sonarqube

SonarQube (Elasticsearch) needs a higher limit for memory-mapped areas. Add to /etc/sysctl.conf:

sudo nano /etc/sysctl.conf

Add at the end:

vm.max_map_count=524288
fs.file-max=131072

Then apply: sudo sysctl -p

systemd Service for SonarQube

SonarQube provides a startup script at /opt/sonarqube/bin/linux-x86-64/sonar.sh. Create a systemd service to use it.

SELinux context (Rocky Linux 9)

On Rocky Linux, SELinux is enabled. Allow the script to run:

sudo chcon -t bin_t /opt/sonarqube/bin/linux-x86-64/sonar.sh
sudo restorecon -Rv /opt/sonarqube

Service file

sudo nano /etc/systemd/system/sonarqube.service

Content:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
User=sonarqube
Group=sonarqube
PermissionsStartOnly=true
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
Restart=always
RestartSec=10
LimitNOFILE=131072
LimitNPROC=8192
SuccessExitStatus=143
TimeoutStartSec=300

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable sonarqube
sudo systemctl start sonarqube
sudo systemctl status sonarqube

Status should show active (running). First startup may take several minutes (Elasticsearch and database initialization).

Apache Reverse Proxy and HTTPS

The SonarQube web interface is available on port 9000 locally. To expose it over HTTP/HTTPS, we use Apache as a reverse proxy.

Install Apache

sudo dnf install -y httpd
sudo systemctl enable httpd
sudo systemctl start httpd

Verify proxy modules are loaded: sudo httpd -M | grep proxy (proxy_module, proxy_http_module, proxy_balancer_module). If needed, uncomment the corresponding lines in /etc/httpd/conf/httpd.conf.

Virtual host for SonarQube

Create a configuration file for your domain (replace sonarqube.yourdomain.com with your domain):

sudo nano /etc/httpd/conf.d/sonarqube.conf

Content:

<VirtualHost *:80>
    ServerName sonarqube.yourdomain.com
    ServerAdmin admin@yourdomain.com
    ProxyPreserveHost On
    ProxyPass / http://localhost:9000/
    ProxyPassReverse / http://localhost:9000/
    TransferLog /var/log/httpd/sonarqube_access.log
    ErrorLog /var/log/httpd/sonarqube_error.log
</VirtualHost>

Test configuration and restart Apache:

sudo apachectl configtest
sudo systemctl restart httpd

Allow Apache to connect to backend (SELinux)

So Apache can proxy to localhost:9000:

sudo setsebool -P httpd_can_network_connect 1

Firewall

Open HTTP and HTTPS ports:

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

TLS certificate with Certbot (Let's Encrypt)

To secure access with HTTPS:

sudo dnf install -y certbot python3-certbot-apache
sudo certbot --apache -d sonarqube.yourdomain.com -m your-email@example.com --agree-tos

Certbot configures Apache for HTTPS and automatic certificate renewal.

Access SonarQube

Open a browser and go to: https://sonarqube.yourdomain.com
Log in with default credentials: admin / admin
SonarQube will prompt you to change the administrator password; choose a strong password.
For analysis (CI/CD or command line), create a user or token: Administration → Security → Users → Create user, then generate a token for that account.

Analyze a Project with SonarScanner

To test the installation, you can analyze an example project:

cd ~
mkdir -p projects && cd projects
git clone https://github.com/SonarSource/sonar-scanning-examples
cd sonar-scanning-examples/sonar-scanner

Generate a token in the SonarQube interface (Administration → Security → Users → Tokens), then run the analysis (replace YOUR_TOKEN with the generated token):

sonar-scanner -D sonar.token=YOUR_TOKEN

Once the analysis finishes, view the project in the interface: Projects → the analyzed project appears with metrics (bugs, vulnerabilities, coverage, duplications).

Useful Commands

Command	Description
`sudo systemctl status sonarqube`	SonarQube service status
`sudo systemctl restart sonarqube`	Restart SonarQube
`sudo systemctl restart httpd`	Restart Apache
`sonar-scanner -v`	SonarScanner version
`sonar-scanner -D sonar.token=TOKEN`	Run analysis with token

Directory Structure

Path	Description
`/opt/sonarqube/`	SonarQube installation (bin, conf, data, temp, extensions)
`/opt/sonarqube/conf/sonar.properties`	Main configuration
`/opt/sonarscanner/`	SonarScanner CLI installation
`/etc/httpd/conf.d/sonarqube.conf`	Apache virtual host

Troubleshooting

SonarQube service won't start

Check logs: sudo journalctl -u sonarqube.service -n 100
Check SonarQube logs: tail -f /opt/sonarqube/logs/sonar.log and tail -f /opt/sonarqube/logs/web.log
Verify PostgreSQL is running: sudo systemctl status postgresql
Check kernel parameters: sysctl vm.max_map_count (should be at least 524288)

503 error or page unreachable via Apache

Verify SonarQube is listening on 9000: ss -tlnp | grep 9000
Check SELinux: getsebool httpd_can_network_connect (should be "on")
Check Apache logs: sudo tail -f /var/log/httpd/sonarqube_error.log

Java or memory

If JVM options in sonar.properties are too low for your RAM, increase sonar.web.javaOpts and sonar.search.javaOpts (e.g. -Xmx1g for web, -Xmx2g for search depending on available RAM).

Order a Server​

Prerequisites​

Required Configuration​

Connect to the Server​

System Update​

Install OpenJDK 17​

Create SonarQube User​

PostgreSQL Database for SonarQube​

Install and initialize PostgreSQL​

Create database and user​

Enable password authentication (pg_hba.conf)​

Install SonarQube​

Download and extract SonarQube​

Install SonarScanner CLI (optional but useful)​

Configure SonarQube​

sonar.properties file​

Permissions and system limits​

systemd Service for SonarQube​

SELinux context (Rocky Linux 9)​

Service file​

Apache Reverse Proxy and HTTPS​

Install Apache​

Virtual host for SonarQube​

Allow Apache to connect to backend (SELinux)​

Firewall​

TLS certificate with Certbot (Let's Encrypt)​

Access SonarQube​

Analyze a Project with SonarScanner​

Useful Commands​

Directory Structure​

Troubleshooting​

SonarQube service won't start​

503 error or page unreachable via Apache​

Java or memory​

References​