Sentry Tunnel
This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provided by the official sentry documentation.
A tunnel is an HTTP endpoint that acts as a proxy between Sentry and your application. Because you control this server, there is no risk of any requests sent to it being blocked. When the endpoint lives under the same origin (although it does not have to in order for the tunnel to work), the browser will not treat any requests to the endpoint as a third-party request. As a result, these requests will have different security measures applied which, by default, don't trigger ad-blockers.
Please note that the minimal supported Relay version is v21.6.0. Older versions might work, but are not supported by this project. Explanation here
Configuration
This proxy looks for the following environnement variables :
TUNNEL_REMOTE_HOST: A comma separted list of sentry relays which are allowed to be tuneled by this service. Example :TUNNEL_REMOTE_HOST=https://sentry.example.com, https://sentry2.example.com.TUNNEL_PROJECT_IDS: A comma separated list of valid project ids. Request that are not from those projects will be rejected. Example :TUNNEL_PROJECT_IDS=456,78,10840.TUNNEL_LISTEN_PORT: The port that this application will bind to. Example :TUNNEL_LISTEN_PORT=7878. This is optional, the default value is 7878.TUNNEL_PATH: The url path where the tunnel will be waiting for tunneled request. Example :TUNNEL_PATH=/tunnel. This is optional, the default value is '/tunnel'.TUNNEL_IP: The ip that this application will listen on. Optional, the default value is127.0.0.1.
Running with docker
The docker image lives here.
An example docker-compose file is provided. Otherwise :
docker run --rm -e 'TUNNEL_REMOTE_HOST=https://sentry.example.com' -e 'TUNNEL_PROJECT_IDS=1,5' sigalen/sentry_tunnel
Running without docker
python3 -m venv venv # Install venv
. venv/bin/activate # Enable venv
pip install -r requirements.txt # Install dependencies
./manage.py collectstatic
./manage.py makemessages -l fr
cp env/.env.docker.prod.djrdo.example .env
vim .env # Edit env file, you can remove VIRTUAL_HOST and LETSENCRYPT_HOST lines
hypercorn --bind 0.0.0.0:8000 djRDO.asgi:application # You should put this line in a service file :)
Here is an example nginx configuration :
server {
listen *:443 ssl;
server_name demo.djrdo.florencepaul.com;
include ssl.conf;
ssl_certificate fullchain.pem;
ssl_certificate_key privkey.pem;
include certbot.conf;
keepalive_timeout 5;
location /static/ {
alias /<djrdo_path>/static/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
proxy_intercept_errors on;
if (!-f $request_filename) {
proxy_pass http://djrdo_backend;
break;
}
}
}
upstream djrdo_backend {
server 127.0.0.1:8000;
}
License
BSD-2
4 Apr 16, 2022
55 Jan 8, 2023
3 May 24, 2021
259 Jan 6, 2023
2 Feb 17, 2022
6 Nov 7, 2022
4 Sep 21, 2022
79 Jan 4, 2023
3 Nov 18, 2021
3 Dec 4, 2022
12 Sep 24, 2022
6.2k Dec 31, 2022
34 Nov 29, 2022
220 Jan 7, 2023
185 Dec 15, 2022
18 May 5, 2023
280 Dec 31, 2022
3 Dec 15, 2022
10 Dec 18, 2022