Self-Hosted Sentry
In addition to making its source code available publicly, Sentry offers and maintains a minimal setup that works out-of-the-box for simple use cases. This repository also serves as a blueprint for how various Sentry services connect for a complete setup, which is useful for folks willing to maintain larger installations. For the sake of simplicity, we have chosen to use Docker and Docker Compose for this, along with a bash-based install and upgrade script.
Getting Started
Our recommendation is to download the latest release of the self-hosted repository, and then run ./install.sh
inside this directory. This script will take care of all the things you need to get started, including a base-line configuration, and then will tell you to run docker-compose up -d
to start Sentry. Sentry binds to port 9000
by default. You should be able to reach the login page at http://127.0.0.1:9000.
Self-Hosted Monitoring
When you run ./install.sh
, you have a choice to opt in or out of our monitoring. This monitoring is used for development and debugging purposes so that we're on top of issues you're facing, allowing us to provide a more seamless installation process. For more details please see the section in the self-hosted README.
Note that choosing whether to send errors or not will become mandatory beginning with the 22.11.0 release.
Self-hosted Beacon
If you opt-in to it, self-hosted Sentry will periodically communicate with a remote beacon server. This is utilized for a couple of things, primarily:
- Getting information about the current version of Sentry
- Retrieving important system notices
The remote server is operated by the Sentry team (sentry.io), and the information reported follows the company's privacy policy.
The following information is reported:
- A unique installation ID
- The version of Sentry
- A technical contact email if opted in to sending contact info (system.admin-email)
- General anonymous statistics on the data pattern (such as the number of users and volume of errors)
- Names and version of the installed Python modules
Note: The contact email is utilized for security announcements, and will never be used outside of such. You can change your opt in/out settings for sending contact info at any time in the settings of the admin panel.
The data reported is minimal and it greatly helps the development team behind Sentry. With that said, you can disable the beacon with the following setting:
SENTRY_BEACON = False
Installing Behind a Proxy
In some enterprise setups there is no direct Internet connection, so you must use an HTTP proxy server. How do you install Sentry in this environment? Let us assume:
- Your Sentry installation is running on Linux.
http://proxy:3128
is your proxy address.127.0.0.0/8
is the only network that should be accessed without a proxy.
Here are the steps to follow:
- Set
http_proxy
,https_proxy
andno_proxy
variables in the/etc/environment
file. - To make the
docker pull
command respect your proxy settings, create a/etc/systemd/system/docker.service.d/http-proxy.conf
file with these contents:
[Service]
Environment="HTTP_PROXY=http://proxy:3128"
Environment="HTTPS_PROXY=http://proxy:3128"
Environment="NO_PROXY=127.0.0.0/8"
- Run
systemctl daemon-reload
and restart Docker withsystemctl restart docker.service
.
From there you can run ./install.sh
like usual.
By default Sentry sends anonymous usage statistics to the Sentry team. It helps to improve the product. Also there can be different external integrations with third party services like Slack or Twilio. To make these features work it's required to allow Docker containers to access the Internet. To add your proxy environment variables into Sentry's Docker containers, create ~/.docker/config.json
with these contents:
{
"proxies":
{
"default":
{
"httpProxy": "http://proxy:3128",
"httpsProxy": "http://proxy:3128",
"noProxy": "relay,web,sentry,127.0.0.0/8"
}
}
}
You can disable this feature by adding SENTRY_BEACON = False
into sentry.conf.py
file.
Configuration
You very likely will want to adjust the default configuration for your Sentry installation as well. These facilities are available for that purpose:
sentry/config.yml
—Contains most, if not all, configuration options to adjust. This file is generated fromsentry/config.example.yml
at the time of installation. The file itself documents the most common configuration options as code comments. Some popular settings in this file include:system.url-prefix
(we prompt you to set this at the welcome screen, right after the installation)mail.*
(though we do ship with a basic SMTP server)integrations for GitHub, Slack, etc.
sentry/sentry.conf.py
—Contains more advanced configuration. This file is generated fromsentry/sentry.conf.example.py
during installation.sentry/enhance-image.sh
—To install plugins and their dependencies or make other modifications to the Sentry base image, copysentry/enhance-image.example.sh
tosentry/enhance-image.sh
and add necessary steps there. For example, you can useapt-get
to install dependencies and usepip
to install plugins. After making modifications tosentry/enhance-image.sh
, run./install.sh
again to apply them.Environment variables—The available keys are defined in .env. Use some system-dependent means of setting environment variables if you need to override any of them. To avoid Git changes, simply create a file called
.env.custom
and insert your system-dependent environment variables there. In order to use this, please usedocker-compose --env-file /path/to/.env.custom up -d
.Geolocation uses a custom configuration file to conform to the underlying technology.
You can find more about configuring Sentry at the configuration section of our developer documentation.
Note
docker-compose restart web worker cron sentry-cleanup
(or just docker-compose restart
to restart everything).Configuration Topics
Here is further information on specific configuration topics related to self-hosting:
Productionalizing
We strongly recommend using a dedicated load balancer in front of your Sentry setup bound to a dedicated domain or subdomain. A dedicated load balancer that does SSL/TLS termination that also forwards the client IP address as Docker Compose internal network (as this is close to impossible to get otherwise) would give you the best Sentry experience. As part of this setup we recommend configuring a load balancer health check against the /_health/
endpoint using HTTP protocol. This will return a 200 if Sentry is up or a 500 with the list of problems.
Once you have setup a load balancer or reverse proxy to your Sentry instance, you should modify the system.url-prefix
in the config.yml
file to match your new URL and protocol. You should also update the SSL/TLS section in the sentry/sentry.conf.py
script, otherwise you may get CSRF-related errors when performing certain actions such as configuring integrations.
Keep in mind that all this setup uses single-nodes for all services, including Kafka. For larger loads, you'd need a beefy machine with lots of RAM and disk storage. To scale up even further, you are very likely to use clusters with a more complex tool, such as Kubernetes. Due to self-hosted installations' very custom nature, we do not offer any recommendations or guidance around scaling up. We do what works for us for our thousands of customers over at sentry.io and would love to have you over when you feel your local install's maintenance becomes a burden instead of a joy.