Disclaimer

We are going to follow the official Sentry installation guide given by Sentry in their documentation clarifying some points with a practical case, even using Nginx as reversy proxy to access through a domaing to our app.

Start by cloning or forking getsentry/onpremise. This will act the base for your own custom Sentry.

Important files

  • requirements.txt -> Add here those repositories which you want to install. For example, we're going to install the Telegram plugin. Internally, Docker uses pip to install the packages listed here:
# Add plugins here
sentry-telegram
  • config.yml -> Configurations used for Sentry. Stuff like SMTP, Redis or S3 configurations. For example, we're going to configure here our SMTP parameters for Sendgrid.
mail.backend: 'smtp'  # Use dummy if you want to disable email entirely
mail.host: 'smtp.sendgrid.net'
mail.port: 587
mail.username: 'apikey'
mail.password: 'SD.sdf78gsd7SGS8-3fas3Fs.3fSFERP_3fS78DFsdysdysS7TDFAGS-lwsdSD7S
mail.use-tls: true
# The email address to send on behalf of
mail.from: 'mr-sentry@example.com'
  • sentry.conf.py -> Configurations directly used by Django (the framework used by Sentry). Here, we're going to tell Django to use our Telegram application.
INSTALLED_APPS += ('sentry_telegram',)

Linked services

Now we're going to install the services (Redis, PostgreSQL, Exim4) which Sentry needs. Note that we added the parameter --restart always to be sure the service will be always up after a restart.

PostgreSQL

docker run --restart always --detach --name sentry-postgres --env POSTGRES_PASSWORD=HERE_GOES_THE_PASSWORD --env POSTGRES_USER=HERE_GOES_THE_USERNAME postgres:9.5

Redis

docker run --restart always --detach --name sentry-redis redis:3.2-alpine

Outbound Email

docker run --restart always --detach --name sentry-smtp tianon/exim4

Secret key

Now we going to set the secret key, used to crypt the communications, obfuscate the data and other stuff.

docker run --rm sentry-onpremise config generate-secret-key

You should set this key in the config.yml and in the steps bellow as an environment variable. Also, we added the environment variable SENTRY_USE_SSL to enable the SSL support.

Migrations

Now we going to run the migrations to populate the database.

docker run --restart always --link sentry-redis:redis --link sentry-postgres:postgres --link sentry-smtp:smtp --env SENTRY_SECRET_KEY='SDA9023=)Askhdg#s8A7SDA02_SDAÑ/TSSA9SD' --env SENTRY_USE_SSL=True --rm -it sentry-onpremise upgrade

In this step Sentry'll ask you for the credentials to create a super user.

Sentry services

Web service

docker run --restart always --detach --link sentry-redis:redis --link sentry-postgres:postgres --link sentry-smtp:smtp --env SENTRY_SECRET_KEY='SDA9023=)Askhdg#s8A7SDA02_SDAÑ/TSSA9SD' --env SENTRY_USE_SSL=True --name sentry-web-01 --publish 9000:9000 sentry-onpremise run web

Background Workers

docker run --restart always --detach --link sentry-redis:redis --link sentry-postgres:postgres --link sentry-smtp:smtp --env SENTRY_SECRET_KEY='SDA9023=)Askhdg#s8A7SDA02_SDAÑ/TSSA9SD' --env SENTRY_USE_SSL=True --name sentry-worker-01 sentry-onpremise run worker

Cron Process

docker run --restart always --detach --link sentry-redis:redis --link sentry-postgres:postgres --link sentry-smtp:smtp --env SENTRY_SECRET_KEY='SDA9023=)Askhdg#s8A7SDA02_SDAÑ/TSSA9SD' --env SENTRY_USE_SSL=True --name sentry-cron sentry-onpremise run cron

Now you can access your Sentry.

Nginx

After that, we install nginx

apt-get install nginx-full

We will create a site with the config bellow:

server {
    listen   80;
    server_name sentry.example.com;

    location / {
      if ($request_method = GET) {
        rewrite  ^ https://$host$request_uri? permanent;
      }
      return 405;
    }
  }

  server {
    listen   443 ssl;
    server_name sentry.example.com;

    proxy_set_header   Host                 $http_host;
    proxy_set_header   X-Forwarded-Proto    $scheme;
    proxy_set_header   X-Forwarded-For      $remote_addr;
    proxy_redirect     off;

    # keepalive + raven.js is a disaster
    keepalive_timeout 0;
    
    # SSL configuration -- change these certs to match yours
    ssl_certificate      /etc/ssl/sentry.example.com.crt;
    ssl_certificate_key  /etc/ssl/sentry.example.com.key;

    # use very aggressive timeouts
    proxy_read_timeout 5s;
    proxy_send_timeout 5s;
    send_timeout 5s;
    resolver_timeout 5s;
    client_body_timeout 5s;

    # buffer larger messages
    client_max_body_size 5m;
    client_body_buffer_size 100k;

    location / {
      proxy_pass        http://localhost:9000;

      add_header Strict-Transport-Security "max-age=31536000";
    }
  }

Finally, we will restart the nginx service:

service nginx restart

And that's all!