SonarQube
The following document describes the current SonarQube setup.
The Project
The current SonarQube setup relies on manual setup of:
- The Virtual Machine inside the archipelo-dev project on GCP
- PostgreSQL latest Docker container.
- SonarQube latest Docker container. See here for instructions.
- Manually installing SonarQube
- Manually installing NGINX
- Manually installing Certbot
The idea is to host SonarQube on the same virtual machine as Doccano to avoid paying for additional resources.
Docker Network Creation
To make communication between the PostgreSQL and SonarQube containers easy, we need to create a new Docker network. This can be done with the following command:
docker network create sonarqube_network
SonarQube PostgreSQL Configuration
To lower the number of managed resources and costs, we decided to run the PostgreSQL container alongside the SonarQube container.
To configure the PostgreSQL container for SonarQube, we create a new volume:
docker volume create db-data
And link the created volume to a location on the disk:
mkdir /mnt/postgresql-data
ln -s /var/lib/docker/volumes/db-data/ /mnt/postgresql-data
Once this is done, we can start the PostgreSQL container:
docker run --name postgres -e POSTGRES_PASSWORD=CHANGE_ME -v db-data:/var/lib/postgresql/data -p 5432:5432 --network sonarqube_network -d postgres
The CHANGE_ME value should be set to the desired postgres user password. The password for the current installation can be found in Keybase in the /team/archipelo/sonarqube folder.
Create User and Database for SonarQube
Once the container is running, we need to create the database that SonarQube will be able to use. Simply connect to the container:
docker exec -it postgres /bin/bash
And run:
psql -h localhost -U postgres
Once inside the PostgreSQL command line interface, execute the following commands:
create user sonarqube with password 'SONARQUBE_DB_PASSWORD';
create database sonarqube with owner sonarqube encoding 'UTF8';
The SONARQUBE_DB_PASSWORD value should be set to the desired password for the sonarqube database user and is needed in the later configuration.
SonarQube Configuration
To set up the SonarQube Docker container, we start by creating new volumes by running the following commands:
docker volume create sonarqube-conf
docker volume create sonarqube-data
docker volume create sonarqube-logs
docker volume create sonarqube-extensions
We also need to create symbolic links between the above volumes and a physical location on the disk. We can do that by running the following commands:
mkdir /mnt/sonarqube
ln -s /var/lib/docker/volumes/sonarqube-conf /mnt/sonarqube/conf
ln -s /var/lib/docker/volumes/sonarqube-data /mnt/sonarqube/data
ln -s /var/lib/docker/volumes/sonarqube-logs /mnt/sonarqube/logs
ln -s /var/lib/docker/volumes/sonarqube-extensions /mnt/sonarqube/extensions
Once this is done, you can use the following command to start SonarQube:
docker run -d --name sonarqube -p 9000:9000 -v sonarqube-conf:/opt/sonarqube/conf -v sonarqube-data:/opt/sonarqube/data -v sonarqube-logs:/opt/sonarqube/logs -v sonarqube-extensions:/opt/sonarqube/extensions --network sonarqube_network -e SONAR_JDBC_URL=jdbc:postgresql://postgres/sonarqube -e SONAR_JDBC_USERNAME=sonarqube -e SONAR_JDBC_PASSWORD=SONARQUBE_DB_PASSWORD -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -it sonarqube:latest
Remember to change the SONARQUBE_DB_PASSWORD to the password you set for the sonarqube database user.
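Added example, not part of the original setup notes: the PostgreSQL and SonarQube docker run commands above publish their ports on every host interface, pass the database passwords inline with -e, and use floating image tags. The script below flags those three conditions in a command line; the finding labels, the env-file path and the postgres:16 tag are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a `docker run` command line (plain words, no quoting).
# Finding labels are this example's own:
#   PUBLISHED-ALL  -p with no bind address, so the port listens on every interface
#   ENV-SECRET     secret-looking variable passed inline with -e
#   FLOATING-TAG   image has no tag or uses :latest
audit_docker_run() {
    set -f; set -- $1; set +f          # split $1 into words without globbing
    prev="" image=""
    for w in "$@"; do
        case "$prev" in
            -p|--publish)
                case "$w" in
                    0.0.0.0:*) echo "PUBLISHED-ALL $w" ;;
                    *:*:*) ;;          # IP:HOST:CONTAINER, explicit bind address
                    *) echo "PUBLISHED-ALL $w" ;;
                esac ;;
            -e|--env)
                case "${w%%=*}" in
                    *PASSWORD*|*SECRET*|*TOKEN*) echo "ENV-SECRET ${w%%=*}" ;;
                esac ;;
        esac
        case "$prev" in                # $w is the value of an option: skip it
            -e|--env|--env-file|-p|--publish|-v|--volume|--name|--network)
                prev=""; continue ;;
        esac
        case "$w" in
            docker|run|-*) ;;
            *) if [ -z "$image" ]; then image=$w; fi ;;
        esac
        prev=$w
    done
    case "$image" in
        ""|*@sha256:*) ;;              # nothing found, or pinned by digest
        *:latest) echo "FLOATING-TAG $image" ;;
        *:*) ;;                        # explicit tag
        *) echo "FLOATING-TAG $image" ;;
    esac
}

# PostgreSQL command as given on this page (CHANGE_ME is the page's placeholder).
PAGE_PG='docker run --name postgres -e POSTGRES_PASSWORD=CHANGE_ME -v db-data:/var/lib/postgresql/data -p 5432:5432 --network sonarqube_network -d postgres'
# Constructed variant: no published port, password read from a hypothetical
# env file, explicit image tag.
HARD_PG='docker run --name postgres --env-file /etc/sonarqube/postgres.env -v db-data:/var/lib/postgresql/data --network sonarqube_network -d postgres:16'

echo "page command:";     audit_docker_run "$PAGE_PG"
echo "hardened variant:"; audit_docker_run "$HARD_PG"
```

PostgreSQL needs no published port because SonarQube reaches it over sonarqube_network. For SonarQube, publishing with -p 127.0.0.1:9000:9000 keeps the port reachable for an NGINX proxy on the same host while closing direct plain-HTTP access from other machines.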
Setting up the Domain Name
The main domain sonarqube.archipelo.com is configured and handled by CloudFlare.
Setting Up NGINX
After installing NGINX on the same virtual machine on which Doccano is running, you need to configure it to handle the traffic on port 80. We also need to make sure that caching is turned off. To do that, remove the /etc/nginx/sites-enabled/default file if present and create a new file called sonarqube in the /etc/nginx/sites-enabled/ directory.
The contents of the newly created sonarqube file should look as follows:
server {
    server_name sonarqube.archipelo.com;

    location / {
        # Forward requests to the SonarQube container published on port 9000
        proxy_pass http://localhost:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Turn off caching of proxied responses
        proxy_no_cache 1;
        proxy_cache_bypass 1;

        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Last-Modified $date_gmt;
        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        if_modified_since off;
        expires off;
        etag off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sonarqube.archipelo.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sonarqube.archipelo.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Redirect plain HTTP to HTTPS
server {
    server_name sonarqube.archipelo.com;
    listen 80;
    return 301 https://$host$request_uri;
}
The above configuration assumes that you will be using sonarqube.archipelo.com as the domain name.
After that, restart NGINX by running the following command:
service nginx restart
Setting Up SSL
SonarQube is configured to use the sonarqube.archipelo.com domain. Setting up SSL for it doesn't require anything more than properly setting up NGINX and configuring the domain in CloudFlare.
SSL For sonarqube.archipelo.com
To use sonarqube.archipelo.com you need to add the A record that points to the IP address of the SonarQube virtual machine. You can do it via CloudFlare. This requires asking a person with the admin rights to do that for you, which includes:
- Dom
- Rafał
- Stepan
Once this is done, set up Certbot by running:
certbot --nginx
Answer the questions Certbot asks and it will guide you through the setup process. The only thing to remember is to provide the appropriate e-mail address so that the whole engineering team knows when the certificate will be expiring. We suggest using engineering@archipelo.co.
Once that is done, restart NGINX by running the following command:
service nginx restart