The full Sentry documentation is here: https://docs.sentry.io
This tutorial will set up a self hosted instance of Sentry based on their GitHub repository getsentry/self-hosted for the tagged version 23.8.0 with HTTPS using traefik and LetsEncrypt.
We recommend for any new VM changing the administrator password and installing package updates and upgrades.
passwd
sudo apt update -y && sudo apt upgrade -y
Installing Docker and Dcoker Compose
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
git clone -b 23.8.0 --depth 1 https://github.com/getsentry/self-hosted
Now, move to the cloned project path and run bash file to install Sentry
cd self-hosted
sudo ./install.sh
During the instal you will be prompted to opt in or out of sending error reports to Sentry’s self-hosted instance of their product.
Before finishing you will be prompted to create a user account. Note email address and password inputted as these will be the credentials of the administrator account for your Sentry instance.
Next, the Sentry instance is brought up with the default configuraion
sudo docker compose up -d
Now, your Sentry instance is exposed on port 9000. Replace 0.0.0.0 below with the IP of your instance of Sentry to test.
http://0.0.0.0:9000
This is required to invite new users and also to recieve Error notifications and weekly summary reports via email.
nano .env
In the .env file, uncomment SENTRY_MAIL_HOST=example.com and change example.com to a FQDN which email will be sent from eg. with SENTRY_MAIL_HOST=my-sentry-instance.com emails will be sent from sentry@my-sentry-instance.com
We are going to a add a directory, “traefik” to the cloned Sentry project and add a docker-compose file to configure traefik.
mkdir traefik
nano traefik/docker-compose.yml
In docker-compose.yml add the following, changing “admin@example.com” to a valid email address.
version: "3.3"
services:
traefik:
image: "traefik:v2.9"
container_name: "traefik"
network_mode: "host"
restart: "unless-stopped"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=admin@exmaple.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
Next, we are going to modify the docker-compose.yml of the cloned Sentry project.
nano docker-compose.yml
In the Sentry docker-compose file, the following changes need to be applied
Add labels to the web
service to enabale traefik, changing sentry.example.com
to the DNS name of your Sentry instance.
web:
<<: *sentry_defaults
labels:
- "traefik.enable=true"
- "traefik.http.routers.web.rule=Host(`sentry.example.com`)"
- "traefik.http.routers.web.entrypoints=websecure"
- "traefik.http.routers.web.tls.certresolver=myresolver"
Comment out the entire nginx service
Addd labels to the relay
service to enabale traefik, changing sentry.example.com
to the DNS name of your Sentry instance.
relay:
<<: *restart_policy
image: "$RELAY_IMAGE"
labels:
- "traefik.enable=true"
- "traefik.http.routers.relay.rule=Host(`sentry.example.com`) && PathPrefix(`/api/store/`, `/api/{id:[1-9]\\d*/}`)"
- "traefik.http.routers.relay.entrypoints=websecure"
- "traefik.http.routers.relay.tls.certresolver=myresolver"
It is now required to update the Sentry config file to point to the https address of your Sentry instance
sudo nano sentry/config.yml
Add the following under System Settings to set the https address of your Sentry instance
system.url-prefix: 'https://sentry.example.com'
Next, in the sentry.conf file uncomment SSL/TLS Seettings
sudo nano sentry/sentry.conf.py
Now it’s time to bring down the default and then all up to enable https connections…
sudo docker compose down && sudo docker compose up -d
cd traefik/
sudo docker compose up -d
For traefik
ensure port 80 and 443 is open to all to allow for the acme challenge to complete to generate SSL certs.