Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Overview

Sentry Tunnel

This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provided by the official sentry documentation.

A tunnel is an HTTP endpoint that acts as a proxy between Sentry and your application. Because you control this server, there is no risk of any requests sent to it being blocked. When the endpoint lives under the same origin (although it does not have to in order for the tunnel to work), the browser will not treat any requests to the endpoint as a third-party request. As a result, these requests will have different security measures applied which, by default, don't trigger ad-blockers.

From the sentry documentation

Please note that the minimal supported Relay version is v21.6.0. Older versions might work, but are not supported by this project. Explanation here

Configuration

This proxy reads the following environment variables:

  • TUNNEL_REMOTE_HOST : A comma-separated list of Sentry relays that this service is allowed to tunnel to. Example : TUNNEL_REMOTE_HOST=https://sentry.example.com, https://sentry2.example.com.
  • TUNNEL_PROJECT_IDS : A comma-separated list of valid project ids. Requests that are not from those projects will be rejected. Example : TUNNEL_PROJECT_IDS=456,78,10840.
  • TUNNEL_LISTEN_PORT : The port that this application will bind to. Example : TUNNEL_LISTEN_PORT=7878. This is optional; the default value is 7878.
  • TUNNEL_PATH : The URL path on which the tunnel waits for tunneled requests. Example : TUNNEL_PATH=/tunnel. This is optional; the default value is '/tunnel'.
  • TUNNEL_IP : The ip that this application will listen on. Optional, the default value is 127.0.0.1.
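The host and project allow-lists are what keep the tunnel from forwarding to arbitrary destinations. The sketch below is an added example in Python, not the project's Rust code: it checks the DSN in an envelope's header line against both lists and rebuilds the upstream URL from parsed parts. The function names are hypothetical and the `/api/<project_id>/envelope/` path follows the tunnel pattern in the Sentry documentation.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    # (scheme, host, port); raises KeyError/ValueError on a bad scheme or port.
    return (url.scheme, url.hostname, url.port or DEFAULT_PORTS[url.scheme])

def parse_allowed_hosts(raw):
    """Turn a TUNNEL_REMOTE_HOST-style value into a set of origins."""
    origins = set()
    for item in filter(None, (part.strip() for part in raw.split(","))):
        url = urlsplit(item)
        if url.scheme not in DEFAULT_PORTS or not url.hostname:
            # Fail at startup on "sentry.example.com" rather than per request.
            raise ValueError(f"not an absolute http(s) URL: {item!r}")
        origins.add(_origin(url))
    return origins

def parse_project_ids(raw):
    """Turn a TUNNEL_PROJECT_IDS-style value into a set of id strings."""
    return {part.strip() for part in raw.split(",") if part.strip()}

def upstream_url(envelope, allowed_origins, allowed_projects):
    """Return the URL to forward to, or raise ValueError to reject."""
    try:
        header = json.loads(envelope.split(b"\n", 1)[0])
        dsn = urlsplit(header["dsn"])
        origin = _origin(dsn)
    except (ValueError, KeyError, TypeError, AttributeError):
        raise ValueError("envelope header has no usable dsn") from None
    project_id = dsn.path.strip("/")
    # Compare parsed origins, not string prefixes, so look-alike hosts fail.
    if origin not in allowed_origins:
        raise ValueError("dsn host is not an allowed relay")
    if project_id not in allowed_projects:
        raise ValueError("project id is not allowed")
    # Rebuilt from parsed parts: the DSN userinfo is not forwarded in the
    # URL, and project_id is known to be one of the configured values.
    return f"{origin[0]}://{origin[1]}:{origin[2]}/api/{project_id}/envelope/"

# Constructed sample envelope (header line, item header, item payload).
SAMPLE = (b'{"dsn":"https://examplePublicKey@sentry.example.com/456"}\n'
          b'{"type":"event"}\n{"message":"constructed sample"}')
```

A caller would map `ValueError` to an HTTP 4xx response instead of letting a malformed DSN or configuration entry crash the worker.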

Running with docker

The docker image lives here.

An example docker-compose file is provided. Otherwise :

docker run --rm -e 'TUNNEL_REMOTE_HOST=https://sentry.example.com' -e 'TUNNEL_PROJECT_IDS=1,5' sigalen/sentry_tunnel

Running without docker

python3 -m venv venv  # Install venv
. venv/bin/activate  # Enable venv
pip install -r requirements.txt  # Install dependencies
./manage.py collectstatic
./manage.py makemessages -l fr
cp env/.env.docker.prod.djrdo.example .env
vim .env  # Edit env file, you can remove VIRTUAL_HOST and LETSENCRYPT_HOST lines
hypercorn --bind 0.0.0.0:8000 djRDO.asgi:application  # You should put this line in a service file :)

Here is an example nginx configuration :

server {
	listen *:443 ssl;
	server_name demo.djrdo.florencepaul.com;

	include ssl.conf;

	ssl_certificate fullchain.pem;
	ssl_certificate_key privkey.pem;

	include certbot.conf;
	keepalive_timeout 5;

	location /static/ {
		alias   /<djrdo_path>/static/;
	}
	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Host $http_host;
		proxy_redirect off;
		proxy_connect_timeout 90;
		proxy_send_timeout 180;
		proxy_read_timeout 180;
		proxy_buffer_size 16k;
		proxy_buffers 8 16k;
		proxy_busy_buffers_size 32k;
		proxy_intercept_errors on;
		if (!-f $request_filename) {
			proxy_pass http://djrdo_backend;
			break;
		}
	}
}

upstream djrdo_backend {
	server 127.0.0.1:8000;
}

License

BSD-2

Comments
  • The tunnel returns an error

    I configured the tunnel with the docker image but it returns an error like this one:

    thread 'tokio-runtime-worker' panicked at 'called `Result::unwrap()` on an `Err` value: RelativeUrlWithoutBase', src/envelope.rs:75:36

    Any idea why?

    bug 
    opened by bogdanr 2
  • Server certificate cannot be validated

    Hello,

    Using the latest docker image as of today, I receive an error message that the server certificate cannot be validated (copied verbatim below). The server is using Let's Encrypt certificates, which work fine when visiting the domain by browser (it's self-hosting sentry).

    Any quick suggestions on what might be going on? I saw there was a fix a while back dealing with missing SSL certs and think this should still be active. I haven't dug deeper into building the image myself and for whatever reasons cannot run a shell in the container to dig around in there myself (slightly puzzled by that actually).

    Thanks!

    sentry_tunnel | ERROR - the server certificate could not be validated - Host = not-shown-here

    opened by booltype 2
Releases(1.0.9)
Owner
Paul FLORENCE
Rust & System programming but also sysadmin !