sentry

参考:

Step1. 先安装 Docker (1.10.0+)

http://haobing.wang/docker

docker --version

Step2. 再安装 Compose (1.6.0+)

sudo yum install epel-release
sudo yum install -y python-pip
sudo pip install docker-compose
docker-compose --version

Step3. 最后 Building Container

https://github.com/getsentry/onpremise

git clone  https://github.com/getsentry/onpremise.git
cd onpremise
mkdir -p data/{sentry,postgres}

主要操作目录都在 onpremise 下

获取项目的 key:

docker-compose run --rm web config generate-secret-key

查看进程:

docker-compose ps

关闭全部容器:

docker-compose stop

如果报错:ERROR: Couldn't connect to Docker daemon at http+docker://localunixsocket - is it running?,这个需要使用 sudo 运行,正确的做法是将当前用户加入 docker 用户组。参考:http://haobing.wang/docker

正常完成后会有个警告:

WARNING: Image for service web was built because it did not already exist. To rebuild this image you must use docker-compose build or docker-compose up --build.

这个可以忽略。

/usr/lib/python2.7/site-packages/requests/init.py:80: RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version!

原因是 python 库中urllib3 (1.21.1) or chardet (2.2.1) 的版本不兼容

sudo pip uninstall urllib3
sudo pip uninstall  chardet
sudo pip install requests

如果使用阿里云 ECS 设置并开启swap: http://haobing.wang/swap

否则会造成 CPU 卡死在 100% 整个系统处于挂起状态,平均负载能超过30。

配置 HTTPS

首先要在nginx 的配置文件中加入

location / {
    proxy_pass http://localhost:9000;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # 下面一行很重要,$scheme 好像没用,所以直接用 https 
    proxy_set_header   X-Forwarded-Proto https;
    proxy_buffering off;     
}

然后还要修改 sentry.conf.py :

##############
# Web Server #
##############

# If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto header 
# and set `SENTRY_USE_SSL=1`
# 添加下面一行
SENTRY_USE_SSL=1

if Bool(env('SENTRY_USE_SSL', False)):
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

整个配置:

server {  
    listen 80;
    listen [::]:80;
    server_name sentry.haobing.com;

    include /etc/nginx/snippets/letsencrypt.conf;

    location / {
        return 301 https://sentry.haobing.com$request_uri;
    }
}

server {  
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    server_name sentry.haobing.com;
    
    ssl_certificate /etc/letsencrypt/live/sentry.haobing.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sentry.haobing.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;

    # keepalive + raven.js is a disaster
    keepalive_timeout 0;

    # use very aggressive timeouts
    proxy_read_timeout 5s;
    proxy_send_timeout 5s;
    send_timeout 5s;
    resolver_timeout 5s;
    client_body_timeout 5s;

    # buffer larger messages
    client_max_body_size 5m;
    client_body_buffer_size 100k;

    location / {
        proxy_pass http://localhost:9000;
    }
}