How to Install and Configure SonarQube on RHEL 8

SonarQube is an open-source static analysis platform that inspects code quality, detects bugs, security vulnerabilities, and code smells across more than thirty programming languages. On RHEL 8, SonarQube requires a Java 17 runtime, a PostgreSQL database for persistent storage, and several Linux kernel tuning parameters to run reliably. This tutorial guides you through every installation step — from provisioning the database and creating a dedicated system user, to configuring the SonarQube service and setting up your first project. By the end you will have a fully operational SonarQube Community Edition instance accessible on port 9000.

Prerequisites

• RHEL 8 server with at least 4 GB RAM and 2 vCPUs (8 GB RAM recommended for production)
• A non-root user with sudo privileges or a root shell
• Internet access for package downloads
• PostgreSQL 13 or newer (covered in Step 2)
• Ports 9000 (SonarQube) open or managed through firewalld

Step 1 — Install Java 17

SonarQube requires Java 17. RHEL 8 ships OpenJDK 17 in its standard repositories.

dnf install -y java-17-openjdk java-17-openjdk-devel

java -version
# Expected: openjdk version "17.x.x" ...

# Set JAVA_HOME for the system
echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk' >> /etc/profile.d/java.sh
source /etc/profile.d/java.sh
echo $JAVA_HOME

Step 2 — Install PostgreSQL and Create the SonarQube Database

SonarQube requires a dedicated database. PostgreSQL is the recommended production backend.

dnf install -y postgresql-server postgresql-contrib

postgresql-setup --initdb
systemctl enable --now postgresql

# Create the SonarQube database user and database
sudo -u postgres psql <<'EOF'
CREATE USER sonarqube WITH ENCRYPTED PASSWORD 'SonarSecurePass1!';
CREATE DATABASE sonarqubedb OWNER sonarqube;
GRANT ALL PRIVILEGES ON DATABASE sonarqubedb TO sonarqube;
EOF

# Allow password authentication for the sonarqube user in pg_hba.conf
sed -i '/^host.*all.*all.*127.0.0.1/s/ident/md5/' /var/lib/pgsql/data/pg_hba.conf
systemctl restart postgresql

Step 3 — Configure Kernel Parameters

SonarQube’s Elasticsearch engine requires elevated virtual memory map counts and file descriptor limits. Apply these settings persistently via sysctl and security limits.

cat > /etc/sysctl.d/99-sonarqube.conf <> /etc/security/limits.conf <<'EOF'
sonarqube   -   nofile   131072
sonarqube   -   nproc    8192
EOF

Step 4 — Download SonarQube and Create a System User

Download SonarQube Community Edition from the official distribution page, extract it to /opt, and create a dedicated system account. SonarQube’s Elasticsearch component refuses to run as root.

SONAR_VERSION="10.5.1.90531"
cd /opt

curl -LO https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONAR_VERSION}.zip
dnf install -y unzip
unzip sonarqube-${SONAR_VERSION}.zip
mv sonarqube-${SONAR_VERSION} sonarqube
rm sonarqube-${SONAR_VERSION}.zip

# Create the dedicated system user
useradd -r -s /bin/false -d /opt/sonarqube sonarqube
chown -R sonarqube:sonarqube /opt/sonarqube

Step 5 — Configure sonar.properties and Create the systemd Service

Edit the main SonarQube configuration file to point at the PostgreSQL database, then create a systemd unit so the service starts on boot.

# Configure JDBC connection (uncomment and set the following lines)
sed -i 's|#sonar.jdbc.username=|sonar.jdbc.username=sonarqube|' 
  /opt/sonarqube/conf/sonar.properties
sed -i 's|#sonar.jdbc.password=|sonar.jdbc.password=SonarSecurePass1!|' 
  /opt/sonarqube/conf/sonar.properties
sed -i 's|#sonar.jdbc.url=jdbc:postgresql.*|sonar.jdbc.url=jdbc:postgresql://localhost/sonarqubedb|' 
  /opt/sonarqube/conf/sonar.properties

# Create the systemd service unit
cat > /etc/systemd/system/sonarqube.service <<'EOF'
[Unit]
Description=SonarQube service
After=syslog.target network.target postgresql.service

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
LimitNOFILE=131072
LimitNPROC=8192

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now sonarqube
systemctl status sonarqube

Step 6 — Open Firewall Port and Set Up Your First Project

Allow traffic to SonarQube’s default port through firewalld, then access the web UI to create your first project and generate an analysis token.

firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --reload
firewall-cmd --list-ports

# Tail the log to confirm startup (takes 1-2 minutes)
tail -f /opt/sonarqube/logs/sonar.log | grep "SonarQube is operational"

Once SonarQube is operational, open http://<server-ip>:9000 in a browser. Log in with the default credentials admin / admin and immediately set a new password when prompted. Click Create Project → Manually, provide a project key and display name, then generate an analysis token. Use this token with SonarScanner or Maven/Gradle plugins to push analysis results to the server.

Conclusion

You have installed SonarQube Community Edition on RHEL 8 with a PostgreSQL backend, applied the required kernel and security limit parameters, and configured a systemd service for automatic startup. Your SonarQube instance is now ready to receive code quality analysis from any supported language project. Integrating SonarQube into your CI pipeline ensures that every commit is automatically evaluated for quality gates before deployment.

Next steps: How to Install Nexus Repository Manager on RHEL 8, How to Build a Jenkins CI/CD Pipeline on RHEL 8, and How to Set Up ArgoCD for GitOps on RHEL 8.