Sentry behind a https reverse proxy

1,951 views
Skip to first unread message

chgossyt

unread,
Dec 1, 2015, 7:18:31 PM12/1/15
to sentry
- Sentry running on a standalone machine, behind a corp FW which allows only https
- nginx running on corp firewall, terminating https connections
- I can access the sentry Admin GUI fine, https://sentry is getting forwarded to http://sentry:8080 by the fw
BUT: I had to set the SENTRY_URL_PREFIX to "https", as redirects were coming back "http" and not getting through the corp fw.


The problem:
- the problem I think I am having is that the client key is now https.
- events that are getting sent to the sentry using that client key are just getting silently dropped by sentry.

My question:
is having the client key "https" going to cause an ssl negotiation? Is that the reason sentry is silently dropping these POSTs?


 client key: https://83cd6477dad24a98b01a544fde8e3cbb:823b4ca7b1d1463abefa8d84281b1dd3@sentry:8080/2


My PC =====https=====corpFWrunningNginx-------http-------sentryBoxListeningOn8080


corpFWrunningNginx config
 if ($host = sentry) {
            proxy_pass          http://10.64.12.212:8080;

            access_log          /var/log/nginx/sentry.access.log;
        }


sentryBoxListeningOn8080
SENTRY_URL_PREFIX = 'https://sentryBoxListeningOn8080'
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

David Cramer

unread,
Dec 1, 2015, 7:20:53 PM12/1/15
to gets...@googlegroups.com, chgossyt
SENTRY_URL_PREFIX is mostly used for generating URLs, and in theory shouldn’t be required for some things.

You’d likely want an Nginx in front of sentry (not FW), that just does http proxying and then point the DSN at that.

also you can set SENTRY_ENDPOINT = ‘http://sentry.example.com' to adjust DSN strings that are generated.
--
You received this message because you are subscribed to the Google Groups "sentry" group.
To unsubscribe from this group and stop receiving emails from it, send an email to getsentry+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

chgossyt

unread,
Dec 1, 2015, 7:38:34 PM12/1/15
to sentry, chg...@gmail.com
SENTRY_ENDPOINT worked like magic, thanks!!
Reply all
Reply to author
Forward
0 new messages