IIS Reverse Proxy Error 500

I am trying to setup Sentry behind an IIS that is working as Reverse Proxy

The reverse proxy is setup for incoming and outgoing rules. When I navigate to the url then the following request happsn:

  • call to reverse proxy url 302
  • call to /auth/login/ 302
  • call to /auth/login/sentry/ 500 URL Rewrite Module Error.

What I see is that on this request the Accept-Encoding is gzip, deflat.

I have checked the nginx.conf file and there the line gzip off is set.

What am I doing wrong.

Kind regards,
Michael

Without more logs, it is hard to speculate on why. I’m not sure this is related to gzip at all.

Which logs do you need? IIS or nginx?

Both?

ISS tells me 500.52 Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded (“gzip”)
Going into deep when setting the following works: Goto Compression Page and disable “Enable dynamic content compression”
Can this information be added to the readme for other folks?

This seems very specific to ISS and not Sentry, otherwise you are more than welcome to improve our docs over at https://develop.sentry.dev/self-hosted/

Just FYI,

attachted you will find a working web.config for IIS Reverse Proxy to be fully compatible with Sentry. It took quite a lot of work to find out every strange IIS behavior and fix it to have a fully working Sentry

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
          <match filterByTags="A, Form, Img" pattern="^http(s)?://sentry_host:9000/(.*)" />
          <action type="Rewrite" value="http{R:1}://public_host/{R:2}" />
        </rule>
        <preConditions>
          <preCondition name="ResponseIsHtml1">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
      <rules>
        <clear />
        <!-- remove this rule if lets encrypt is not required -->
        <rule name="LetsEncrypt" stopProcessing="true">
          <match url=".well-known/acme-challenge/*" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
          <action type="None" />
        </rule>
        <!-- remove this rule if redirecting to https is not required-->
        <rule name="Enforce HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" />
        </rule>
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://sentry_host:9000/{R:1}" />
        </rule>
      </rules>
    </rewrite>
    <!-- dynamic compression must be disabled-->
    <urlCompression doStaticCompression="true" doDynamicCompression="false" />
    <security>
      <!-- otherwise the + sign from prefix@version+sha will not work -->
      <requestFiltering allowDoubleEscaping="true" />
    </security>
  </system.webServer>
  <system.web>
    <!-- otherwise the : sign from eventSlug within /organizations/:orgId/performance/:eventSlug/ route will not work -->
    <httpRuntime requestPathInvalidCharacters="*,%,?,\,&amp;,&lt;,&gt;" />
  </system.web>
</configuration>

Note:

  • sentry_host has to be replaced with the IP adress where sentry is running
  • public_host is the host which is used to reach the sentry instance from the internet