getsentry / sentry-docs

Sentry's documentation (and tools to build it)
https://docs.sentry.io

sentry-cli and SSL certs #10580

Open slentzen-auth0 opened 1 week ago

slentzen-auth0 commented 1 week ago

Problem Statement

I have been trying to use the sentry-cli to send some test events to a sentry relay instance within a Kubernetes cluster. The sentry relay sits behind an nginx proxy that accepts HTTPS traffic on port 443. Every test event I sent would result in an SSL handshake error. I tried to turn off the SSL handshake with the two config settings verify_ssl=false and check_ssl_revoke=false but I was still seeing handshake errors. Eventually, my colleague suggested checking to see what language the CLI was written in and then we looked up how Rust programs in general define SSL certs. It turns out that if we set the SSL_CERT_FILE and SSL_CERT_DIR, we can get past the SSL handshake errors. Perhaps this is obvious to people who run Rust programs all the time, but it was not obvious to me.

Solution Brainstorm

1) the docs only explain how to skip SSL validation
2) turning off the verify_ssl doesn't seem to work (for me at least)
3) there probably should be a config in Sentry CLI to define where the cert file and the cert directory are
4) there should be some mention in the docs on how to support TLS certs instead of just how to turn them off. So tell the users to set the SSL_CERT_FILE and SSL_CERT_DIR variables. Or if you add a config that does the same thing, mention that.
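An added example (not part of the original issue and not Sentry's code) for the workaround described above: check that a CA bundle really validates the proxy's certificate before exporting SSL_CERT_FILE and SSL_CERT_DIR, so certificate verification stays on. The helper names, the constructed test PKI and the use of the bundle's directory for SSL_CERT_DIR are assumptions.

```shell
#!/bin/sh
# Added example. Helper names and the test PKI are constructed for illustration.

# trust_bundle BUNDLE CERT
# Export SSL_CERT_FILE / SSL_CERT_DIR only if BUNDLE validates CERT, where CERT
# is a PEM copy of the certificate the HTTPS proxy presents.
# Returns 0 on success, 1 if the chain does not verify, 2 if BUNDLE is unreadable.
trust_bundle() {
    bundle=$1; cert=$2
    [ -r "$bundle" ] || { echo "bundle not readable: $bundle" >&2; return 2; }
    if openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        SSL_CERT_FILE=$bundle
        # Assumption: the bundle's directory is used as the cert directory.
        SSL_CERT_DIR=$(dirname "$bundle")
        export SSL_CERT_FILE SSL_CERT_DIR
        return 0
    fi
    echo "bundle does not validate $cert; variables not exported" >&2
    return 1
}

# make_demo_pki DIR
# Build a throwaway PKI in DIR: two unrelated CAs (ca.pem, other-ca.pem) and a
# leaf certificate (leaf.pem) signed by ca.pem only.
make_demo_pki() {
    d=$1
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" >/dev/null 2>&1 || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=relay.example.internal" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" >/dev/null 2>&1
}

# Intended use (placeholder paths; not run here):
#   trust_bundle /path/to/internal-ca.pem /path/to/proxy-cert.pem \
#       && sentry-cli send-event -m "test event"
```

A non-zero return from `trust_bundle` means the bundle is the wrong one for that proxy, which is the case to fix rather than work around by disabling verification.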

getsantry[bot] commented 1 week ago

Assigning to @getsentry/support for routing ⏲️