Cannot start service nginx: driver failed programming external connectivity on endpoint onpremise_nginx_1

Hello All,

I am trying to configure sentry on my local machine and trying to setup ssl, everthing works fine with http, so i am able to access the sentry dashboard using http://localhost:9000, but i would ideally want to either access it via https

I am trying to use nginx as a reverse proxy but i am getting the following error

ERROR: for nginx Cannot start service nginx: driver failed programming external connectivity on endpoint onpremise_nginx_1 (87eaa55cbb9d0da49847246ed193d5dfec153dbdcb8805b86d13dd084a502cc7): Error starting userland proxy: Bind for 0.0.0.0:80: unexpected error (Failure EADDRINUSE)
ERROR: Encountered errors while bringing up the project.

below is my Docker-compose.yml

version: β€˜3.4’

x-defaults: &defaults
restart: unless-stopped
build: .
depends_on:
- redis
- postgres
- memcached
- smtp
env_file: .env
environment:
SENTRY_MEMCACHED_HOST: memcached
SENTRY_REDIS_HOST: redis
SENTRY_POSTGRES_HOST: postgres
SENTRY_EMAIL_HOST: smtp
volumes:
- sentry-data:/var/lib/sentry/files

services:
smtp:
restart: unless-stopped
image: tianon/exim4

memcached:
restart: unless-stopped
image: memcached:1.5-alpine

redis:
restart: unless-stopped
image: redis:3.2-alpine

postgres:
restart: unless-stopped
image: postgres:9.5
volumes:
- sentry-postgres:/var/lib/postgresql/data

nginx:
restart: unless-stopped
image: my-nginx-sentry:v1
depends_on:
- web
ports:
- β€œ80:80”
- β€œ443:443”

web:
<<: *defaults
ports:
- β€˜9000:9000’

cron:
<<: *defaults
command: run cron

worker:
<<: *defaults
command: run worker

volumes:
sentry-data:
external: true
sentry-postgres:
external: true

any help in this direction would be really helpfull.

Looks like you have issues with your port selection. Also it is recommended you use UWSGI when running behind a web server: https://docs.sentry.io/server/performance/#performance-web-server

Hi, many thanks for the reply. I have updated the ports to

  nginx:
restart: unless-stopped
image: my-nginx-sentry:v2
depends_on:
- web
ports:
- "49080:80"  
- "49081:443"

but its still not working, here is the nginx.conf file i am using

http {

set_real_ip_from 127.0.0.1;
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

ssl_certificate /etc/ssl/sentry.example.com.crt;
ssl_certificate_key /etc/ssl/sentry.example.com.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 10m;

server {
listen 80;

location / {
  if ($request_method = GET) {
    rewrite  ^ https://$host$request_uri? permanent;
  }
  return 405;
}

}

server {
listen 443 ssl;

proxy_set_header   Host                 $http_host;
proxy_set_header   X-Forwarded-Proto    $scheme;
proxy_set_header   X-Forwarded-For      $remote_addr;
proxy_redirect     off;

keepalive_timeout 0;

proxy_read_timeout 5s;
proxy_send_timeout 5s;
send_timeout 5s;
resolver_timeout 5s;
client_body_timeout 5s;

client_max_body_size 5m;
client_body_buffer_size 100k;

location / {
  proxy_pass        http://localhost:9000;

  add_header Strict-Transport-Security "max-age=31536000";
}

}
}

Sorry but this is not enough for anyone to help you. What exactly is not working? Are you getting any errors? What exactly is the issue are you facing with? :slight_smile:

PS: This also doesn’t seem to have anything w/ Sentry or on-premise so you may wanna look for help elsewhere, specifically a place with more experts regarding nginx and Docker. (I’m happy to try here tho, just saying)

Hi BYK, mant thanks for the reply and my apologies for not explaining this correctly.

I am trying to have the sentry url secured by https and have tried the steps as mentioned here https://docs.sentry.io/server/nginx/, i have the exact same copy of nginx file as specified in the link here but just the host name is different in my case i have specified β€œmy-sentry.example.com” as the host.

my docker-compose.yml looks like this, with service nginx referring to ngnix image i have built locally. As recommended i have set the SENTRY_USE_SSL env variable to true. I have tried to define the port mapping like β€œ41230:80” under service ngnix but the application does not load. I am new to docker compose, can you please help me point in the right direction as to what changes i need to make to docker compose file to ensure sentry can be accessed by https

version: β€˜3.4’

x-defaults: &defaults
restart: unless-stopped
build: .
depends_on:
- redis
- postgres
- memcached
- smtp
env_file: .env
environment:
SENTRY_MEMCACHED_HOST: memcached
SENTRY_REDIS_HOST: redis
SENTRY_POSTGRES_HOST: postgres
SENTRY_EMAIL_HOST: smtp
SENTRY_USE_SSL: β€œtrue”
volumes:
- sentry-data:/var/lib/sentry/files

services:
smtp:
restart: unless-stopped
image: tianon/exim4

memcached:
restart: unless-stopped
image: memcached:1.5-alpine

redis:
restart: unless-stopped
image: redis:3.2-alpine

postgres:
restart: unless-stopped
image: postgres:9.5
volumes:
- sentry-postgres:/var/lib/postgresql/data

nginx:
restart: unless-stopped
image: my-nginx-sentry:v3

web:
<<: *defaults
ports:
- β€˜9000:9000’

cron:
<<: *defaults
command: run cron

worker:
<<: *defaults
command: run worker

volumes:
sentry-data:
external: true
sentry-postgres:
external: true

@AksharJ - that configuration is not for the docker-compose based deploy and needs modifications to your specific setup (mostly around ports).

There are many good articles on the internet, explaining how to use nginx as a reverse-proxy with docker-compose like this one: https://dev.to/domysee/setting-up-a-reverse-proxy-with-nginx-and-docker-compose-29jg

I recommend doing more research and trial & errors before asking someone :wink:

Hello BYK,

Many thanks for your reply, I figured out the issue. I did not have certificates copied to my nginx instance, once i copied the certificates it worked :slight_smile:

however, now the application is not sending the events to sentry server anymore, I would need to configure SENTRY_URL_PREFIX again and build, correct?

1 Like

That sounds about right if the public URL of your service has changed (I’m assuming http is no longer an option and you just accept https). That said I think you can change this value from https://your.sentry.domain/manage without the need to rebuild. If that doesn’t work, yeah, you’d need to change this value in your config.yml and rebuild your Sentry on-premise image.

Sure, Many thanks for the reply @BYK

1 Like