getsentry / self-hosted

Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
https://develop.sentry.dev/self-hosted/

project events are reaching with http but not with https(post calls) #1875

Closed radhikaporla closed 1 year ago

radhikaporla commented 1 year ago

Self-Hosted Version

self-hosted-22.9.0

CPU Architecture

x86_64

Docker Version

Docker version 20.10.21

Docker Compose Version

docker-compose version 1.28.0

Steps to Reproduce

Self-hosted Sentry is up with https and we can log in to the Sentry web UI, but when we try testing events from a project using the https DSN nothing gets logged in nginx; with the http DSN it works. Please help us if I am missing any other changes.

Below are the changes made:

sentry.config.py: uncommented SSL section
config.yml: added system.url-prefix: https://name:9001

nginx.config file

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;

keepalive_timeout 75s;

gzip off;
server_tokens off;

server_names_hash_bucket_size 64;
types_hash_max_size 2048;
types_hash_bucket_size 64;
client_max_body_size 100m;

proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_next_upstream error timeout invalid_header http_502 http_503 non_idempotent;
proxy_next_upstream_tries 2;

# Remove the Connection header if the client sends it,
# it could be "close" to close a keepalive connection
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $request_id;
proxy_read_timeout 30s;
proxy_send_timeout 5s;

upstream relay {
    server relay:3000;
}

upstream sentry {
    server web:9000;
}
    server {
    listen 80;

            server_name sentry;
    location /api/store/ {
        proxy_pass http://relay;
    }
    location ~ ^/api/[1-9]\d*/ {
        proxy_pass http://relay;
    }
    location / {

                    rewrite  ^ https://sentry.swmed.edu:9001;
                    proxy_pass https://name;

          }
}
  server {

          listen 443 ssl;
           server_name servername;

           proxy_set_header   Host                 $http_host;
           proxy_set_header   X-Forwarded-Proto    $scheme;
           proxy_set_header   X-Forwarded-For      $remote_addr;
           proxy_redirect     off;
           proxy_set_header Connection $http_connection;

           # keepalive + raven.js is a disaster
           keepalive_timeout 0;

           # use very aggressive timeouts
           proxy_read_timeout 5s;
           proxy_send_timeout 5s;
           send_timeout 5s;
           resolver_timeout 5s;
           client_body_timeout 5s;

           # buffer larger messages
           client_max_body_size 5m;
           client_body_buffer_size 100k;

           # SSL configuration
           ssl_certificate      /etc/nginx/filename;
           ssl_certificate_key  /etc/nginx/filename;
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
           ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
           ssl_prefer_server_ciphers on;
           location /api/store/ {
                    proxy_pass http://relay;
            }
            location ~ ^/api/[1-9]\d*/ {
                    proxy_pass http://relay;
            }

           location / {
                   proxy_pass http://sentry;

                   add_header Strict-Transport-Security "max-age=31536000";
           }
    }

}

docker-compose.yml

nginx:
  <<: *restart_policy
  ports:

Expected Result

HTTPS POST events should work

Actual Result

When the project sends error events using the https DSN, nothing happens

https://bb6e7b67a0694b8fb22c67307e0a1cb5@name:9001/2

Event ID

No response

hubertdeng123 commented 1 year ago

Can you post relay logs? Wondering if you're having trouble hitting that service

radhikaporla commented 1 year ago

relaylogs.txt

relay/config.yml (file)

upstream: "http://web:9000"
host: 0.0.0.0
port: 3000
logging:
  level: INFO
processing:
  enabled: true
  kafka_config:

Not sure if the logs help, thank you for the help.

radhikaporla commented 1 year ago

When I try DSN>http://bb6e7b67a0694b8fb22c67307e0a1cb5@name:9000/2<DSN from projects I see the below line in nginx logs

But when I try DSN>https://bb6e7b67a0694b8fb22c67307e0a1cb5@name:9001/2<DSN I do not see any POST messages getting logged on the nginx container.

Please let me know if you need any additional information.

Thank you.

hubertdeng123 commented 1 year ago

Hmmm, I suspect that traffic isn't going into relay at all. Perhaps there is some part of your config that is not directing traffic properly there. Is your servername set to https://sentry.swmed.edu?
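
Added example (not part of the thread and not Sentry's own code): a small check that turns a DSN into the URL an SDK POSTs events to, then picks the upstream using the `location` blocks from the nginx.conf posted above. The function names are hypothetical, the DSN key is a constructed placeholder, and only plain-prefix and regex locations are modelled.

```python
import re
from urllib.parse import urlsplit

# Location blocks as posted in the issue's nginx.conf, in file order.
# (kind, pattern, upstream)
LOCATIONS = [
    ("prefix", "/api/store/", "relay"),
    ("regex", r"^/api/[1-9]\d*/", "relay"),
    ("prefix", "/", "sentry"),
]

# Constructed sample DSNs: host and ports follow the issue, the key is a placeholder.
SAMPLE_DSNS = ["http://examplekey@name:9000/2", "https://examplekey@name:9001/2"]


def ingest_url(dsn, endpoint="envelope"):
    """Build the event endpoint for a DSN of the form scheme://key@host[:port]/<project_id>."""
    u = urlsplit(dsn)
    prefix, _, project_id = u.path.rpartition("/")
    if u.scheme not in ("http", "https") or not u.username or not project_id.isdigit():
        raise ValueError(f"not a valid DSN: {dsn!r}")
    port = f":{u.port}" if u.port else ""
    return f"{u.scheme}://{u.hostname}{port}{prefix}/api/{project_id}/{endpoint}/"


def route(path):
    """nginx selection order: remember the longest matching prefix, but the first matching regex wins."""
    prefixes = [loc for loc in LOCATIONS if loc[0] == "prefix" and path.startswith(loc[1])]
    for kind, pattern, upstream in LOCATIONS:
        if kind == "regex" and re.search(pattern, path):
            return upstream
    return max(prefixes, key=lambda loc: len(loc[1]))[2] if prefixes else None


def describe(dsn):
    """Summarise where events for this DSN have to arrive and which upstream handles them."""
    url = urlsplit(ingest_url(dsn))
    port = url.port or (443 if url.scheme == "https" else 80)
    return {"scheme": url.scheme, "port": port, "path": url.path, "upstream": route(url.path)}


if __name__ == "__main__":
    for dsn in SAMPLE_DSNS:
        print(dsn, "->", describe(dsn))
```

Both DSNs resolve to a path that the posted config sends to relay; what differs is the scheme and port the client connects to. The https DSN targets port 9001, while the TLS server block in the posted config listens on 443 inside the container.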

radhikaporla commented 1 year ago

server name in which file?

radhikaporla commented 1 year ago

(system.url-prefix: 'https://sentry.swmed.edu') sentry/config.yml
server_name sentry.swmed.edu; in nginx/nginx.conf

radhikaUT commented 1 year ago

Can you help me with any documentation on how to enable SSL using the nginx container provided by Sentry?

ethanhs commented 1 year ago

@radhikaporla See e.g. https://stackoverflow.com/a/51428308. Two important things to note: you can use a docker-compose.override.yml to override the nginx container config in docker-compose.yml, and you will need to re-run the installer to re-build the docker images. The nginx config lives under the nginx folder.

github-actions[bot] commented 1 year ago

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

radhikaporla commented 1 year ago

Still working on this, don't close.

radhikaporla commented 1 year ago

Hi, I am seeing the below errors in relay logs, do you know why I am facing this error?

relay_1 | 2023-01-26T02:47:20Z [relay_server::actors::upstream] WARN: Network outage, scheduling another check in 1s
relay_1 | 2023-01-26T02:47:21Z [relay_server::actors::upstream] WARN: Network outage, scheduling another check in 1.5s
relay_1 | 2023-01-26T02:47:22Z [relay_server::actors::upstream] WARN: Network outage, scheduling another check in 2.25s
relay_1 | 2023-01-26T02:47:24Z [relay_server::actors::upstream] WARN: Network outage, scheduling another check in 3.375s
relay_1 | 2023-01-26T02:47:27Z [relay_server::actors::upstream] ERROR: authentication encountered error: could not send request to upstream
relay_1 | caused by: error sending request for url (http://web:9000/api/0/relays/register/challenge/): error trying to connect: dns error: no record found for name: web.swmed.net. type: AAAA class: IN
relay_1 | 2023-01-26T02:47:28Z [relay_server::actors::upstream] WARN: Network outage, scheduling another check in 5.0625s
relay_1 | 2023-01-26T02:47:32Z [r2d2] ERROR: failed to lookup address information: Name or service not known
relay_1 | 2023-01-26T02:47:32Z [r2d2] ERROR: failed to lookup address information: Name or service not known
relay_1 | 2023-01-26T02:47:32Z [r2d2] ERROR: failed to lookup address information: Name or service not

Thanks
