Sentry logging issue

On-Premise
1

Hello. we run docker image of sentry on our server. When it works without https and domains ( by ip access) it works great and we can see error from our apps. But when we setup https and domain with nginx proxy config there are some errors when we try lo send events in sentry.

sentry.init with debug = true gives us following message when we try to send smth to sentry:
[sentry] ERROR: Unexpected status code: 403
with msg CSRF Verification Failed.

We can provide any additional data if needed. Can you advise what should we do to fix this?

2

I think you are missing this line in your nginx.conf:

3

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

sendfile on;
keepalive_timeout 75s;

upstream relay {
	server relay:3000;
}

upstream sentry {
	server web:9000;
}

server {
	listen 80;
	resolver 127.0.0.11 ipv6=off;
	proxy_redirect off;
	proxy_set_header Host $host;
	location /api/store/ {
		proxy_pass http://relay;
	}
	location ~ ^/api/[1-9]\d*/ {
		proxy_pass http://relay;
	}
	location / {
		proxy_pass http://sentry;
	}
}

}

this is my sentry onpremise nginx conf

and this is another one for ssl:

server {
listen 2096 ssl;
server_name my_site_name;

# SSL configuration -- change these certs to match yours
ssl_certificate     /path/to/crt;
ssl_certificate_key /path/to/key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

proxy_set_header   Host                 $http_host;
proxy_set_header   X-Forwarded-Proto    $scheme;
proxy_set_header   X-Forwarded-For      $remote_addr;
proxy_redirect     off;

keepalive_timeout 0;

proxy_read_timeout 5s;
proxy_send_timeout 5s;
send_timeout 5s;
resolver_timeout 5s;
client_body_timeout 5s;

# buffer larger messages
client_max_body_size 5m;
client_body_buffer_size 100k;

location / {
  proxy_pass        http://web:9000;

  add_header Strict-Transport-Security "max-age=31536000";

}
}

4

Have you enabled SSL-related Sentry config settings and set your system.url-prefix accordingly?

I haven’t yet tried using SSL termination in front of our on-premise setup so my experience here is limited unfortunately.

5

Yes, i uncomment ssl config settings in sentry.conf.py and change system.internal-url-prefix in confing.yml and rebuild sentry after that. Unfortunatelly this wasn’t the cure. Problem still there. Maybe i can bind my sentry to use ssl over https in another way?

6

Please, if you find a solution to the problem, then write the solution here. I also ran into the problem of sending events for the same reasons.

In my case, it gives an error 400
The rest is the same configured https and domain name on the server

image
image851×701 157 KB

7

I think the issue here is the SSL-terminating Nginx instance is forwarding everything to web:9000 which is the Sentry web backend. So it is lacking the crucial Relay path forwarding for event storage endpoints that are defined in our nginx configuration. If you replace that web:9000 with nginx:80, your issue should be resolved.

8

Yes, the issue was there. Lack of relay path in my nginx conf. Now its working. Thank you!

1 Like