Skip to content

Instantly share code, notes, and snippets.

@beeftornado

beeftornado/nginx-conf

Last active January 18, 2024 19:54
Show Gist options
  • Star 24 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save beeftornado/945d5180ffd402f5cd8d to your computer and use it in GitHub Desktop.
Save beeftornado/945d5180ffd402f5cd8d to your computer and use it in GitHub Desktop.
Download ZIP
Nginx reverse proxy for Sentry (github.com/getsentry/sentry). I removed some personal information and replaced it with <UPPERCASE> so look closely. Some key information in the sentry settings - SENTRY_URL_PREFIX, FORCE_SCRIPT_NAME, and ALLOWED_HOSTS. The rest of that is pretty standard.
Raw
nginx-conf
server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
root /usr/share/nginx/www;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
#### SENTRY RELATED ####
# Any requests coming from a sentry page for static content gets rewritten
if ($http_referer ~ <TOP_LEVEL_DOMAIN>.com/sentry) {
rewrite /_static/(.*)$ /sentry/_static/$1 break;
}
location /sentry {
proxy_pass http://0.0.0.0:9000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header SCRIPT_NAME /sentry;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
#### END SENTRY RELATED ####
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
# Only for nginx-naxsi : process denied requests
#location /RequestDenied {
# For example, return an error code
#return 418;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# pass the PHP scripts to FastCGI server
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
Raw
sentry-settings.py
# This file is just Python, with a touch of Django which means you
# you can inherit and tweak settings to your hearts content.
from sentry.conf.server import *
import os.path
CONF_ROOT = os.path.dirname(__file__)
DATABASES = {
'default': {
# You can swap out the engine for MySQL easily by changing this value
# to ``django.db.backends.mysql`` or to PostgreSQL with
# ``django.db.backends.postgresql_psycopg2``
# If you change this, you'll also need to install the appropriate python
# package: psycopg2 (Postgres) or mysql-python
#'ENGINE': 'django.db.backends.sqlite3',
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'sentrytest',
'USER': 'ubuntu',
'PASSWORD': 'ubuntu',
'HOST': 'localhost',
'PORT': '',
# If you're using Postgres, we recommend turning on autocommit
'OPTIONS': {
'autocommit': True,
}
}
}
# If you're expecting any kind of real traffic on Sentry, we highly recommend
# configuring the CACHES and Redis settings
###########
## CACHE ##
###########
# You'll need to install the required dependencies for Memcached:
# pip install python-memcached
#
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': ['127.0.0.1:11211'],
}
}
###########
## Queue ##
###########
# See http://sentry.readthedocs.org/en/latest/queue/index.html for more
# information on configuring your queue broker and workers. Sentry relies
# on a Python framework called Celery to manage queues.
# You can enable queueing of jobs by turning off the always eager setting:
CELERY_ALWAYS_EAGER = False
BROKER_URL = 'redis://localhost:6379'
####################
## Update Buffers ##
####################
# Buffers (combined with queueing) act as an intermediate layer between the
# database and the storage API. They will greatly improve efficiency on large
# numbers of the same events being sent to the API in a short amount of time.
# (read: if you send any kind of real data to Sentry, you should enable buffers)
# You'll need to install the required dependencies for Redis buffers:
# pip install redis hiredis nydus
#
SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer'
SENTRY_REDIS_OPTIONS = {
'hosts': {
0: {
'host': '127.0.0.1',
'port': 6379,
}
}
}
SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota'
SENTRY_QUOTA_OPTIONS = {
'hosts': {
0: {
'host': '127.0.0.1',
'port': 6379,
}
}
}
SENTRY_DEFAULT_MAX_EVENTS_PER_MINUTE = '90%'
SENTRY_SYSTEM_MAX_EVENTS_PER_MINUTE = 500
################
## Web Server ##
################
# You MUST configure the absolute URI root for Sentry:
SENTRY_URL_PREFIX = 'http://<TOP_LEVEL_DOMAIN>.com/sentry' # No trailing slash!
FORCE_SCRIPT_NAME = '/sentry'
# If you're using a reverse proxy, you should enable the X-Forwarded-Proto
# and X-Forwarded-Host headers, and uncomment the following settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
USE_X_FORWARDED_HOST = True
SENTRY_WEB_HOST = '0.0.0.0'
SENTRY_WEB_PORT = 9000
SENTRY_WEB_OPTIONS = {
'workers': 3, # the number of gunicorn workers
'limit_request_line': 0, # required for raven-js
'secure_scheme_headers': {'X-FORWARDED-PROTO': 'https'},
}
#################
## Mail Server ##
#################
# For more information check Django's documentation:
# https://docs.djangoproject.com/en/1.3/topics/email/?from=olddocs#e-mail-backends
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'localhost'
EMAIL_HOST_PASSWORD = ''
EMAIL_HOST_USER = ''
EMAIL_PORT = 25
EMAIL_USE_TLS = False
# The email address to send on behalf of
SERVER_EMAIL = 'sentry@<TOP_LEVEL_DOMAIN_OR_WHATEVER_YOU_WANT>'
###########
## etc. ##
###########
# If this file ever becomes compromised, it's important to regenerate your SECRET_KEY
# Changing this value will result in all current sessions being invalidated
SECRET_KEY = '5pZb0fL1hTsUBmSvcL4Fuvs0IRGl/Y/Uy10BcAN2fiZ+xXp5D7uMAA=='
# http://twitter.com/apps/new
# It's important that input a callback URL, even if its useless. We have no idea why, consult Twitter.
TWITTER_CONSUMER_KEY = ''
TWITTER_CONSUMER_SECRET = ''
# http://developers.facebook.com/setup/
FACEBOOK_APP_ID = ''
FACEBOOK_API_SECRET = ''
# http://code.google.com/apis/accounts/docs/OAuth2.html#Registering
GOOGLE_OAUTH2_CLIENT_ID = ''
GOOGLE_OAUTH2_CLIENT_SECRET = ''
# https://github.com/settings/applications/new
GITHUB_APP_ID = ''
GITHUB_API_SECRET = ''
# https://trello.com/1/appKey/generate
TRELLO_API_KEY = ''
TRELLO_API_SECRET = ''
# https://confluence.atlassian.com/display/BITBUCKET/OAuth+Consumers
BITBUCKET_CONSUMER_KEY = ''
BITBUCKET_CONSUMER_SECRET = ''
ALLOWED_HOSTS = ['<TOP_LEVEL_DOMAIN>:9000', '<TOP_LEVEL_DOMAIN>', '<VIP>', '<VIP>/sentry', '0.0.0.0:9000']
@uhlhosting
Copy link

How do you handle email routing via Nginx?

@rohit-dimagi
Copy link

I followed this guide but i get stuck into this redirect loop until browser gives up.

Jun 18 11:10:58  supervisord[125909]: sentry-web 112.171.15 - - [18/Jun/2020:11:10:58 +0000] "GET /sentry/auth/login/ HTTP/1.0" 302 486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"

any pointers ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment