So, with this configuration, when I run my docker-compose, I see that my nginx redirection works well, my request is redirected into the web service. Giving me this log:
I’m trying to set up a similar system and facing the same error. I set system.url-prefix to “h.ttps://xxxxxxxxx.com:8080” but if I visit in the browser I’m redirected to “h.ttps://xxxxxxxxx.com/auth/login” instead of “h.ttps://xxxxxxxxx.com:8080/auth/login”. I checked that the system.url-prefix is properly set by running “sentry config get system.url-prefix” inside the web container, which returns the correct “h.ttps://xxxxxxxxx.com:8080”. If I let nginx run on port 443 instead of 8080, Sentry is working perfectly fine.
(I was required to add a . into URLs in order to post this)
Please find my entire setup here:
docker-compose.yml
```yaml
# NOTE: This docker-compose.yml is meant to be just an example of how
# you could accomplish this on your own. It is not intended to work in
# all use-cases and must be adapted to fit your needs. This is merely
# a guideline.

# See docs.getsentry.com/on-premise/server/ for full
# instructions

version: '2'

services:
  base:
    restart: unless-stopped
    build: .
    environment:
      # Run `docker-compose run web config generate-secret-key`
      # to get the SENTRY_SECRET_KEY value.
      # SENTRY_SECRET_KEY: ''
      SENTRY_MEMCACHED_HOST: memcached
      SENTRY_REDIS_HOST: redis
      SENTRY_POSTGRES_HOST: postgres
      SENTRY_EMAIL_HOST: smtp
      SENTRY_SECRET_KEY: ****
    volumes:
      - ./data/sentry:/var/lib/sentry/files

  smtp:
    restart: unless-stopped
    image: tianon/exim4

  memcached:
    restart: unless-stopped
    image: memcached:1.4

  redis:
    restart: unless-stopped
    image: redis:3.2-alpine

  postgres:
    restart: unless-stopped
    image: postgres:9.5
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  web:
    restart: unless-stopped
    extends: base
    links:
      - redis
      - postgres
      - memcached
      - smtp

  cron:
    restart: unless-stopped
    extends: base
    command: run cron
    links:
      - redis
      - postgres
      - memcached
      - smtp

  worker:
    restart: unless-stopped
    extends: base
    command: run worker
    links:
      - redis
      - postgres
      - memcached
      - smtp

  nginx-proxy:
    restart: unless-stopped
    image: nginx
    ports:
      - "8080:443"
    links:
      - web
    volumes:
      - ./data/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      - ./data/nginx/cert.crt:/etc/nginx/cert.crt
      - ./data/nginx/cert.key:/etc/nginx/cert.key
```
config.yml
```yaml
# While a lot of configuration in Sentry can be changed via the UI, for all
# new-style config (as of 8.0) you can also declare values here in this file
# to enforce defaults or to ensure they cannot be changed via the UI. For more
# information see the Sentry documentation.

###############
# Mail Server #
###############

# mail.backend: 'smtp'  # Use dummy if you want to disable email entirely
# mail.host: 'localhost'
# mail.port: 25
# mail.username: ''
# mail.password: ''
# mail.use-tls: false
# The email address to send on behalf of
# mail.from: 'root@localhost'

# If you'd like to configure email replies, enable this.
# mail.enable-replies: false

# When email-replies are enabled, this value is used in the Reply-To header
# mail.reply-hostname: ''

# If you're using mailgun for inbound mail, set your API key and configure a
# route to forward to /api/hooks/mailgun/inbound/
# mail.mailgun-api-key: ''

###################
# System Settings #
###################

# If this file ever becomes compromised, it's important to regenerate your a new key
# Changing this value will result in all current sessions being invalidated.
# A new key can be generated with `$ sentry config generate-secret-key`
# system.secret-key: 'changeme'
system.url-prefix: 'https://xxx.xxxxxx.xxx:8080'

# The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis
# clusters. These clusters can be then referred to by name when configuring
# backends such as the cache, digests, or TSDB backend.
# redis.clusters:
#   default:
#     hosts:
#       0:
#         host: 127.0.0.1
#         port: 6379

################
# File storage #
################

# Uploaded media uses these `filestore` settings. The available
# backends are either `filesystem` or `s3`.

# filestore.backend: 'filesystem'
# filestore.options:
#   location: '/tmp/sentry-files'

# filestore.backend: 's3'
# filestore.options:
#   access_key: 'AKIXXXXXX'
#   secret_key: 'XXXXXXX'
#   bucket_name: 's3-bucket-name'
```
Would be great if one of the Sentry gurus could take a look into it
Can you also post your nginx config? My hunch is that nginx is rewriting the redirect here. You should be able to verify this by curling the Sentry web container directly and seeing what the Location header is when it tries to redirect.
```nginx
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
server {
    # SSL configuration
    listen 443 ssl default_server;
    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    gzip off;

    server_name _;

    # Proxy for sentry (container web)
    location / {
        proxy_pass http://web:9000;
        proxy_read_timeout 90;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
I also just tried to run nginx on port 8080 instead of 443 with the same result. As nginx does not “know” about port 443, I’m not sure if nginx causes the redirect to port 443.
@matt I didn’t understand how nginx could be the root of the problem? As I say in my post, when I use a docker-compose, the request goes through nginx and is correctly redirected into the Sentry instance. And THEN, that instance performs a redirect on the request.
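The check suggested earlier in the thread (compare the Location header the web container emits with the one the browser receives through nginx) can be scripted; the following is an added example, not code from any poster or from Sentry. The host name `sentry.example.com` and the response heads are constructed sample data, and `diagnose` is a hypothetical helper that assumes the direct request was sent with the same Host / X-Forwarded-* headers nginx sets.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port), with the scheme's default port made explicit."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def location_header(raw_head):
    """Return the raw Location value from a response head (as `curl -sI` prints it)."""
    for line in raw_head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def diagnose(url_prefix, client_url, direct_head, proxied_head):
    """Say which hop produced a redirect that leaves the configured origin.

    direct_head:  head returned by the web container itself (assumption: the
                  request carried the same Host / X-Forwarded-* headers nginx sends).
    proxied_head: head the browser receives through nginx at client_url.
    """
    direct, proxied = location_header(direct_head), location_header(proxied_head)
    if proxied is None:
        return "no-redirect"
    # A relative Location is resolved by the browser against the URL it requested.
    if origin(urljoin(client_url, proxied)) == origin(url_prefix):
        return "ok"
    # Same header on both sides: the application built it. Different: the proxy rewrote it.
    return "backend" if direct == proxied else "proxy"

# Constructed sample data (hypothetical host, not taken from the thread).
PREFIX = "https://sentry.example.com:8080"
CLIENT_URL = PREFIX + "/"
NO_PORT = "HTTP/1.1 302 FOUND\r\nLocation: https://sentry.example.com/auth/login/\r\n\r\n"
WITH_PORT = "HTTP/1.1 302 FOUND\r\nLocation: https://sentry.example.com:8080/auth/login/\r\n\r\n"
RELATIVE = "HTTP/1.1 302 FOUND\r\nContent-Length: 0\r\nLocation: /auth/login/\r\n\r\n"

if __name__ == "__main__":
    for direct, proxied in [(NO_PORT, NO_PORT), (WITH_PORT, NO_PORT), (RELATIVE, RELATIVE)]:
        print(diagnose(PREFIX, CLIENT_URL, direct, proxied))
```

A result of `backend` points at the headers the application receives (Host, X-Forwarded-Host) rather than at a rewrite by nginx; `proxy` points at the proxy's handling of the Location header.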