Should sentry be installed in DMZ or internal network?
Doesn’t that depend on what you want? If you need access from outside your network, you at least need some access through the DMZ, but if its all internal network traffic, you don’t have to.
while DMZ or internal network does not matter, there is one thing to keep in mind that if you activate the mail notification, there is a link inside the mail, and you must ensure the link is accessible at the mail receiver side.
So it is very important to set the URL correctly. In case of the DMZ case, you need to set the URL the external address instead of the DMZ internal address to ensure when user click the email link it is accessible.
However, if you try to integrate Sentry with JIRA, GitLab etc within the same DMZ network, you need to carefully plan the route rule in your DMZ firewall/router to ensure that both sides can reach to each other, which is quite tricky but mandatory.