Greetings!
This may well be a Cloudflare issue that I need to poke them about, but I thought I’d ask here just in case anyone else has experience with this.
I’ve got on-premise Sentry up and running on AWS (all of my company’s computing infrastructure lives on AWS with all internet-facing traffic going through Cloudflare) and I’m at the final step of getting ingest working properly.
The trouble is SSL. All the backend stuff (workers, ingest, web UI that pokes ingest points, etc.) gets grumpy because SSL isn’t working on the sub-subdomains Sentry uses for all the API calls. Wildcard SSL certs only support a single subdomain, e.g. *.sentry.domain.com can be covered by one cert, but *.*.sentry.domain.com cannot. Ingest gets done via ingest.sentry.domain.com, but Sentry defines a further subdomain for each project’s ingest, e.g. o1.ingest.sentry.domain.com.
I guess this means we’ll need two wildcard certs – one for *.sentry.domain.com and another for *.ingest.sentry.domain.com?
Alternately, is there a way to configure Sentry so that it generates endpoints like o1-ingest-sentry.domain.com and ingest-sentry.domain.com instead?
We’ve got Enterprise-level service at Cloudflare on the domain where I’d like to host Sentry, so this might just require paying for/enabling some extra option there to get the extra SSL certs.
I’d appreciate any help anyone can offer, and I’m perfectly happy if the answer is just “go bug Cloudflare about this.” Just hoping there’s another option.
Thanks!
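The single-label wildcard rule described in the post, as an added example that is not part of the original post or of Sentry's or Cloudflare's code. It uses the hostnames from the post; the SAN lists are constructed, and the matcher is a conservative reading of the rule (whole leftmost label only), not any particular TLS library's implementation.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate SAN entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Only the whole leftmost label may be a wildcard; the rest is literal.
        return "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "f*o" and wildcards in other labels are rejected.
    return "*" not in pattern and p == h


def uncovered(sans, hostnames):
    """List the hostnames that no SAN entry in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Hostnames taken from the post.
SENTRY_HOSTS = [
    "sentry.domain.com",
    "ingest.sentry.domain.com",
    "o1.ingest.sentry.domain.com",
]

# Constructed SAN lists: one wildcard level versus both levels.
ONE_WILDCARD = ["sentry.domain.com", "*.sentry.domain.com"]
TWO_WILDCARDS = ONE_WILDCARD + ["*.ingest.sentry.domain.com"]

if __name__ == "__main__":
    print("one wildcard, not covered:", uncovered(ONE_WILDCARD, SENTRY_HOSTS))
    print("two wildcards, not covered:", uncovered(TWO_WILDCARDS, SENTRY_HOSTS))
    # The flattened naming asked about in the post needs only one label of wildcard.
    print("flattened name under *.domain.com:",
          san_matches("*.domain.com", "o1-ingest-sentry.domain.com"))
```

Both wildcard names can sit in the SAN list of a single certificate, so the two levels do not necessarily mean two separate certificates.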