Securing on-prem for client side errors

We are self-hosting sentry behind our corporate firewall. Because many of our errors include PHI, we need to maintain the highest level of security we can around our sentry deployment. Howeve, we’d like to be able to collect error information from react code running on clients outside our network.

Is there any way to run sentry on our DMZ and ONLY open up the collection interface to the public? In effect, I want to keep the UI and the query parts of the rest interface blocked, while still allowing outside connections to send data into sentry.

Thanks,
Tejay

Install a proxy / API gateway.

This would be our recommendation as well. Something as simple as NGINX to proxy through requests to e.g. sentry.mydomain.com/api/\d+/store/