๐ Deploying SonarQube on Azure Ubuntu VM (Private IP Only) โ Enterprise Production Guide
Realโworld DevOps implementation in a corporate Azure environment with private networking, PostgreSQL, NSG, and firewall troubleshooting.
๐ Introduction
In most enterprise environments, Azure Virtual Machines do not have public IP addresses due to strict security policies. Access is allowed only through:
VPN access ๐
Private IP networking ๐
Network Security Groups (NSG) ๐ก๏ธ
Corporate Firewall Rules ๐ฅ
Recently, I deployed SonarQube in my organization's Azure Dev environment on an Ubuntu VM with only a private IP.
During this setup, I faced multiple realโworld production issues such as:
SonarQube not starting
PostgreSQL permission errors
Port not listening
NSG allowed but still inaccessible
Firewall blocking access
This blog explains the complete setup, troubleshooting, and production best practices.
๐งญ Quick Overview of Steps
| Step | Task | Purpose |
|---|---|---|
| 1 | Connect to VM | Access private Azure VM via SSH |
| 2 | Update system | Install latest security updates |
| 3 | Install Java 17 | SonarQube runtime dependency |
| 4 | Install PostgreSQL | Production database |
| 5 | Create DB and user | Dedicated secure database |
| 6 | Download SonarQube | Install application |
| 7 | Create sonar user | Run service securely |
| 8 | Configure sonar.properties | Connect SonarQube to DB |
| 9 | Configure limits.conf | Prevent memory issues |
| 10 | Configure sysctl | Kernel tuning |
| 11 | Create systemd service | Production service management |
| 12 | Configure Azure NSG | Allow network access |
| 13 | Troubleshoot issues | Fix DB and network problems |
| 14 | Access SonarQube | Verify successful deployment |
๐๏ธ Architecture
Developer Laptop
โ
โผ
Corporate VPN
โ
โผ
Corporate Firewall
โ
โผ
Azure VNet
โ
โผ
Azure Ubuntu VM (Private IP)
โ
โผ
SonarQube Service (Port 9000)
โ
โผ
PostgreSQL Database
โ No public exposure
โ Fully enterpriseโsecured deployment
๐ Step 1: Connect to Azure VM
Using PuTTY or SSH:
ssh azureuser@PRIVATE_IP
๐ Step 2: Update System
sudo apt update && sudo apt upgrade -y
Always recommended in production.
โ Step 3: Install Java 17
sudo apt install openjdk-17-jdk -y
Verify:
java -version
Check path:
readlink -f $(which java)
Example:
/usr/lib/jvm/java-17-openjdk-amd64/bin/java
๐ Step 4: Install PostgreSQL
sudo apt install postgresql postgresql-contrib -y
Enable service:
sudo systemctl enable postgresql
sudo systemctl start postgresql
Check:
sudo systemctl status postgresql
๐๏ธ Step 5: Create Database and User
sudo -i -u postgres
psql
CREATE DATABASE sonarqube;
CREATE USER sonar WITH ENCRYPTED PASSWORD 'StrongPassword';
GRANT ALL PRIVILEGES ON DATABASE sonarqube TO sonar;
\c sonarqube
GRANT ALL ON SCHEMA public TO sonar;
ALTER SCHEMA public OWNER TO sonar;
Exit:
\q
exit
โ This schema permission is critical in production.
๐ฆ Step 6: Download SonarQube
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.5.0.89998.zip
sudo apt install unzip -y
unzip sonarqube-*.zip
sudo mv sonarqube-* /opt/sonarqube
๐ค Step 7: Create Sonar User
sudo adduser --system --no-create-home --group --disabled-login sonar
sudo chown -R sonar:sonar /opt/sonarqube
Security best practice.
โ๏ธ Step 8: Configure Database Connection
sudo nano /opt/sonarqube/conf/sonar.properties
Update:
sonar.jdbc.username=sonar
sonar.jdbc.password=StrongPassword
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube
๐ง Step 9: Configure System Limits
sudo nano /etc/security/limits.conf
Add:
sonar - nofile 65536
sonar - nproc 4096
โก Step 10: Configure Kernel Parameters
sudo nano /etc/sysctl.conf
Add:
vm.max_map_count=262144
fs.file-max=65536
Apply:
sudo sysctl -p
๐ง Step 11: Create Systemd Service
sudo nano /etc/systemd/system/sonarqube.service
[Unit]
Description=SonarQube
After=network.target
[Service]
Type=forking
User=sonar
Group=sonar
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
Restart=always
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
Enable:
sudo systemctl daemon-reload
sudo systemctl enable sonarqube
sudo systemctl start sonarqube
Check:
sudo systemctl status sonarqube
๐ Step 12: Verify Port
sudo ss -tulnp | grep 9000
Expected:
LISTEN 0 128 0.0.0.0:9000
๐ Step 13: Configure Azure NSG
Allow inbound rule:
Setting | Value |
Source | Corporate CIDR |
Destination | VM Private IP |
Port | 9000 |
Protocol | TCP |
Action | Allow |
๐จ Real Production Issue #1: PostgreSQL Permission Error
Log location:
/opt/sonarqube/logs/web.log
Error:
permission denied for schema public
Fix:
GRANT ALL ON SCHEMA public TO sonar;
ALTER SCHEMA public OWNER TO sonar;
Restart:
sudo systemctl restart sonarqube
๐จ Real Production Issue #2: Port Not Listening
Check:
sudo ss -tulnp | grep 9000
If empty โ service failed.
Check logs:
cd /opt/sonarqube/logs
cat sonar.log
cat web.log
๐จ Real Production Issue #3: Port Listening but Browser Not Opening
Situation:
โ Service running
โ Port listening
โ NSG allowed
โ Still inaccessible
Root Cause:
Corporate firewall blocked port.
Solution:
Requested network team to allow:
| Source | Corporate CIDR | | Destination | Azure VM Private IP | | Port | 9000 |
After firewall change โ access successful.
๐ Step 14: Access SonarQube
Open browser:
Default credentials:
username: admin
password: admin
โ Production Best Practices
โ Always use PostgreSQL
โ Never expose public IP
โ Use NSG + Firewall
โ Run as dedicated user
โ Use systemd service
โ Monitor logs regularly
๐งช Troubleshooting Checklist
Issue | Command |
Service status | systemctl status sonarqube |
Port check | ss -tulnp |
Logs | /opt/sonarqube/logs |
DB issue | psql |
Network issue | NSG + Firewall |
๐ Final Result
Successfully deployed SonarQube in enterprise Azure environment with:
โ Private networking
โ PostgreSQL backend
โ Secure firewall access
โ Productionโready configuration
โ๏ธ Conclusion
Deploying SonarQube in enterprise environments involves more than installation. You must understand:
Linux configuration
Database permissions
Azure networking
Firewall layers
Service management
This experience helped me understand realโworld DevOps troubleshooting in secure enterprise infrastructure.
๐ Connect With Me
If you found this helpful, follow me for more DevOps, Azure, AWS, SonarQube, and GenAI content.
Happy Learning ๐
