Sentry

The full Sentry documentation is here: https://docs.sentry.io

This tutorial sets up a self-hosted instance of Sentry from the GitHub repository getsentry/self-hosted at the tagged version 23.8.0, with HTTPS provided by traefik and Let's Encrypt.

Prerequisites

We recommend changing the administrator password and installing package updates and upgrades on any new VM.

passwd
sudo apt update -y && sudo apt upgrade -y

Installing Docker and Docker Compose

sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Sentry

Step 1: Clone Sentry 23.8.0 from GitHub and initialise

git clone -b 23.8.0 --depth 1 https://github.com/getsentry/self-hosted

Now, move into the cloned project directory and run the install script to install Sentry.

cd self-hosted
sudo ./install.sh

During the install you will be prompted to opt in or out of sending error reports to Sentry’s self-hosted instance of their product.

Before finishing you will be prompted to create a user account. Note the email address and password you enter, as these will be the credentials of the administrator account for your Sentry instance.

Next, bring up the Sentry instance with the default configuration.

sudo docker compose up -d

Now, your Sentry instance is exposed on port 9000. Replace 0.0.0.0 below with the IP of your instance of Sentry to test.

http://0.0.0.0:9000

Step 2: Enable Sentry to Send Emails

This is required to invite new users and also to receive error notifications and weekly summary reports via email.

nano .env

In the .env file, uncomment SENTRY_MAIL_HOST=example.com and change example.com to the FQDN that email will be sent from, e.g. with SENTRY_MAIL_HOST=my-sentry-instance.com emails will be sent from sentry@my-sentry-instance.com.

Step 3: Set up HTTPS

We are going to add a directory, “traefik”, to the cloned Sentry project and add a docker-compose file in it to configure traefik.

mkdir traefik
nano traefik/docker-compose.yml

In docker-compose.yml add the following, changing “admin@example.com” to a valid email address.

version: "3.3"

services:
   traefik:
      image: "traefik:v2.9"
      container_name: "traefik"
      network_mode: "host"
      restart: "unless-stopped"
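      command:
        # Serves the traefik dashboard and API on port 8080 without authentication;
        # keep that port closed to untrusted networks.
        - "--api.insecure=true"
        - "--providers.docker=true"
        # Only containers labelled traefik.enable=true are routed.
        - "--providers.docker.exposedbydefault=false"
        - "--entrypoints.websecure.address=:443"
        - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
        - "--certificatesresolvers.myresolver.acme.email=admin@example.com"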
        - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      ports:
        - "443:443"
        - "8080:8080"
      volumes:
        - "./letsencrypt:/letsencrypt"
        - "/var/run/docker.sock:/var/run/docker.sock:ro"

Next, we are going to modify the docker-compose.yml of the cloned Sentry project.

nano docker-compose.yml

In the Sentry docker-compose file, the following changes need to be applied:

  1. Add labels to the web service to enable traefik, changing sentry.example.com to the DNS name of your Sentry instance.

web:
    <<: *sentry_defaults
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.web.rule=Host(`sentry.example.com`)"
    - "traefik.http.routers.web.entrypoints=websecure"
    - "traefik.http.routers.web.tls.certresolver=myresolver"

  2. Comment out the entire nginx service.

  3. Add labels to the relay service to enable traefik, changing sentry.example.com to the DNS name of your Sentry instance.

relay:
    <<: *restart_policy
    image: "$RELAY_IMAGE"
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.relay.rule=Host(`sentry.example.com`) && PathPrefix(`/api/store/`, `/api/{id:[1-9]\\d*/}`)"
    - "traefik.http.routers.relay.entrypoints=websecure"
    - "traefik.http.routers.relay.tls.certresolver=myresolver"

Next, update the Sentry config file to point to the HTTPS address of your Sentry instance.

sudo nano sentry/config.yml

Add the following under System Settings to set the https address of your Sentry instance

system.url-prefix: 'https://sentry.example.com'

Next, in the sentry.conf.py file, uncomment the SSL/TLS settings.

sudo nano sentry/sentry.conf.py

Now it’s time to bring down the default stack and then bring everything up to enable HTTPS connections.

sudo docker compose down && sudo docker compose up -d

cd traefik/
sudo docker compose up -d

For traefik, ensure ports 80 and 443 are open to all so that the ACME challenge can complete and generate the SSL certificates.
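
A quick check to run against traefik/docker-compose.yml once Step 3 is done, added here as an example and not taken from the Sentry or traefik projects: it reports the settings in that file that expose more than the HTTPS entrypoint. The function names, the finding labels and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Reads a traefik compose file on stdin and prints one finding per line for
# settings that expose more than the HTTPS entrypoint. Prints nothing if clean.
audit_traefik_compose() {
    # Drop comments first so commented-out flags are not reported.
    body=$(sed 's/[[:space:]]*#.*$//')
    has() { printf '%s\n' "$body" | grep -Eq -e "$1"; }

    if has '--api\.insecure=true'; then
        echo "api-insecure: dashboard and API answer without authentication"
    fi
    if has '8080:8080'; then
        echo "port-8080: dashboard port is published"
    fi
    if ! has '--providers\.docker\.exposedbydefault=false'; then
        echo "exposed-by-default: containers are routed without opting in"
    fi
    if has 'docker\.sock'; then
        echo "docker-sock: traefik can call the Docker API (:ro does not limit requests)"
    fi
    if has 'acme\.email=[^"]*@example\.com'; then
        echo "acme-email: placeholder address still in place"
    fi
}

# Constructed sample: the traefik service from this tutorial, trimmed.
sample_compose() {
    cat <<'EOF'
services:
  traefik:
    image: "traefik:v2.9"
    network_mode: "host"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.email=admin@example.com"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
EOF
}

sample_compose | audit_traefik_compose
```

To check the real file, run `audit_traefik_compose < traefik/docker-compose.yml` from the self-hosted directory.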