Sentry behind a https reverse proxy

[chgossyt]

- Sentry running on a standalone machine, behind a corp FW which allows only https

- nginx running on corp firewall, terminating https connections

- I can access the sentry Admin GUI fine, https://sentry is getting forwarded to http://sentry:8080 by the fw

BUT: I had to set the SENTRY_URL_PREFIX to "https", as redirects were coming back "http" and not getting through the corp fw.

The problem:

- the problem I think I am having is that the client key is now https.

- events that are getting sent to the sentry using that client key are just getting silently dropped by sentry.

My question:

is having the client key "https" going to cause an ssl negotiation? Is that the reason sentry is silently dropping these POSTs?

 client key: https://83cd6477dad24a98b01a544fde8e3cbb:823b4ca7b1d1463abefa8d84281b1dd3@sentry:8080/2

My PC =====https=====corpFWrunningNginx-------http-------sentryBoxListeningOn8080

corpFWrunningNginx config

 if ($host = sentry) {

            proxy_pass          http://10.64.12.212:8080;

            access_log          /var/log/nginx/sentry.access.log;

        }

sentryBoxListeningOn8080

SENTRY_URL_PREFIX = 'https://sentryBoxListeningOn8080'

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

[David Cramer]

SENTRY_URL_PREFIX is mostly used for generating URLs, and in theory shouldn’t be required for some things.

You’d likely want an Nginx in front of sentry (not FW), that just does http proxying and then point the DSN at that.

also you can set SENTRY_ENDPOINT = ‘http://sentry.example.com' to adjust DSN strings that are generated.

--
You received this message because you are subscribed to the Google Groups "sentry" group.
To unsubscribe from this group and stop receiving emails from it, send an email to getsentry+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[chgossyt]

SENTRY_ENDPOINT worked like magic, thanks!!