Working with the SaaS from a private network


#1

Hey,
We’re a medium-size startup working in the field of healthcare.
Our architecture is as follows:

We have our VM inside the hospital network, communication with the cloud (a very permissive outbound firewall rules, can access Sentry.io)
We’re having clients using our Electron app on their machines (inside the hospital’s network) with no access to the Internet but to our VM.

We would really love to try out Sentry for our Electron app, but:

  1. On-prem is not an option for us. We need the Sentry to be outside the hospital’s network, so we can scale it to all our customers. Also, our VMs run Windows and as far as I know, it is not supported. Anyway, it wouldn’t help.
  2. We can’t make the app communicate with Sentry directly, we need to use our server as a proxy or something similar.

Could you think of an option for us?

Thanks,
Tom.


Working with Electron SDK in a private network: "unable to verify the first certificate"
Self signed certificate error in sentry-electron SDK
#2

If you can communicate through a proxy, that shouldn’t be an issue with any reverse proxy.

Something like this in nginx:

location ~ ^/api/\d+/store/$ {
  proxy_pass https://sentry.io;
}

Should in theory be enough. Granted, you’d need to expand on this to make it fully work, but my point is there’s no reason you couldn’t do this.

If you need some more help, I can try to get you a more thorough config.


#3

Thanks Matt!
Actually, I’d be happy to get some help with a full configuration for the nginx. (Only the part that is related to Sentry)

Appreciate it.


#4

I’m attempting to make this solution work at the moment given the same architecture. Things work flawlessly when the server is simply HTTP. However, when I attempt to redirect the same data through the server in HTTPS form as in the following line of code, I receive HTTP 301 undefined errors from Raven:

return 301 https://$server_name$request_uri;

Removing this line of code causes the process to work perfectly and route the data from Electron -> Nginx -> Sentry albeit through HTTP in the first step.

Essentially, the config works perfectly when sending crash data from my Electron app to Nginx ONLY when the Nginx server is HTTP when I would like the same behavior for HTTPS. Note that the given code block by @matt works perfectly for my purposes and I simply need to solve the redirection issue from HTTP to HTTPS.


#5

I’ll take some time to put together a working config either today or this week. It’s hard for me to just say what needs to be done without me actually trying it and seeing what the issues are.


#6

Thanks for the quick reply @matt ! If you are in need of more specifics I’d be happy to share as I’m simply using a test server at the moment with no personal information.


#7

You may also want to ping support@sentry.io given this is likely a use case we could help with.


#8

Thanks @zeeg. Unfortunately I am not a paid user and support directed me to the forum for help.


#9

Hi @matt, has there been any progress made on the config?