We currently are running a SaaS web-based application that is using sentry to forward errors from the Javascript UI. The Javascript runs on browsers that are located on arbitrary customer networks which may be firewalled such that events from the Javascript code running in the browsers may never be able to make it to the sentry.io servers.
The customers obviously have access to our network, so the events could be directed here. However, we are not running sentry on-premise. Instead, we are sending the events to a sentry.io hosted server.
Is there a recommended way to perhaps proxy the front end Javascript exception events through our network, and then back out from our network to the sentry.io server?
For example, is it possible to run an haproxy on our network, and then configure the DSN on the browser to point to that, and then configure the proxy to then route the request over to sentry.io? Or, is it more involved than that?
The approach with HAProxy pretty much works as you described it, with two caveats I can think off the top of my head: You will need to rewrite the Host request header to the value Sentry would expect (sentry.io). Also the requests to /api/X/store must go to /api/X/store, there is no supported way to make the SDK send events to a custom path prefix unless you’re willing to patch that behavior into the SDK.
Yeah, the ideal thing would be that it comes back down to a configurable path prefix on the same host and port that the backend of the application is responding to. That way we wouldn’t need to go back to the customer to tell them “open port foo” where port foo is where haproxy is listening. That’s not something we really want to do.
I’m sorry, I spoke too soon. You can actually configure a path: https://docs.sentry.io/development/sdk-dev/overview/#parsing-the-dsn So you should be good to go.
At some point we had a discussion about continuing support for this and I remember the outcome differently.
That’s good to know.
I just realized that if the Raven JS request passes a Host header like “Host: sentry.foo.com” (if the DSN has “sentry.foo.com” in the hostname part) we should also be able to use that as a way to know that we should forward the request from our haproxy front end to the actual hosted sentry service (instead of to a backend server).