I have successfully installed Sentry On-Premise via docker (docker-compose) following the instructions in https://github.com/getsentry/onpremise. I also installed NGINX as a reverse proxy and I can successfully access Sentry Web Interface via https. I am struggling to send events to Sentry via https. I have added to sentry.config.py
but I cannot receive events via https.
When accessing from the web UI in the /manage/status/environment/ section it reports that SECURE_PROXY_SSL_HEADER is set to “None” which seems to me that the config hasn’t been applied. I am quite new to Sentry so I am probably missing something. Any help would be really appreciated.
If you’re able to access the web UI over https, there’s no difference in accepting events over https. It all goes through the same thing. Can you provide more information on what’s wrong when you try?
I couldn’t receive the events in the back end. Today I can normally receive the events via https. The only difference today is that I edited the Root URL (switched to https) in order to have correct internal links. Maybe I was missing something else yesterday. Thank you for your response @matt.
I am having troubles setting up sentry on premise with https, i am using docker-compose too, however, can you please let me know, i need to remove the if statement and just keep the settings here
if env('SENTRY_USE_SSL', False): # do i need to remove this line
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
also, where do i specify SENTRY_USE_SSL = 1, do i specify this in the docker compose file?
Maybe it is due to the SSL certificate verification problem, if you are using an self-signed one, whose root certificate is not taken granted as a trusted one.
In my case, I have installed a NGINX container who will terminate the SSL and communicate with Sentry docker with plain HTTP. You may try this way.
the Nginx configuration is here as a reference
upstream backend-sentry {
server web:9000;
}
server { #terminate HTTPS traffic and forward to web container
listen 443 ssl http2;
#ssl certificate must be a chain certificate and key must be uncrypted
ssl_certificate /etc/nginx/conf.d/sentry.cert;
ssl_certificate_key /etc/nginx/conf.d/sentry.key;
client_max_body_size 0;
chunked_transfer_encoding on;
# Log files for Debug
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
proxy_pass http://backend-sentry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}
server {
# http traffic forwarding
listen 80;
client_max_body_size 0;
chunked_transfer_encoding on;
# Log files for Debug
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
proxy_pass http://backend-sentry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}