sentry 部署

一准备：机器及域名

* 机器：阿里云ecs

* 域名：sentry.domain.com

二：基础环境安装

* 安装 node version>=8.0

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -

apt-get install -y nodejs

* 安装依赖库

apt-get install -y python-virtualenv python-setuptools gcc python-dev libxslt1-dev libffi-dev libjpeg-dev libxml2-dev libxslt-dev libyaml-dev

apt-get install -y postgresql-server-dev-9.5 supervisor postgresql redis-server nginx

* 添加用户

sudo useradd -m sentry

* 初始化数据库

sudo su - postgres

psql template1

create extension citext;

create user sentry with password 'sentry';

create database sentrydb with owner sentry;

\q

exit

* 初始化sentry

sudo su - sentry

virtualenv /opt/sentry

source /opt/sentry/bin/activate

pip install -U sentry

sentry init

* 配置 sentry

vim /home/sentry/.sentry/sentry.conf.py

DATABASES = {

'default': {

'ENGINE': 'sentry.db.postgres',

'NAME': 'sentrydb',

'USER': 'sentry',

'PASSWORD': 'sentry', # <-- or whatever you set with the psql command

'HOST': 'localhost',

'PORT': '5432',

}

}

* sentry upgrade 设置管理员账户

* 设置sentry 守护进程

vim /etc/supervisor/conf.d/sentry.conf

[program:sentry-web]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run web

autostart=true

autorestart=true

redirect_stderr=true

user=sentry

stdout_logfile=syslog

stderr_logfile=syslog

[program:sentry-worker]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run worker

autostart=true

autorestart=true

redirect_stderr=true

user=sentry

stdout_logfile=syslog

stderr_logfile=syslog

[program:sentry-cron]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run cron

autostart=true

autorestart=true

redirect_stderr=true

stdout_logfile=syslog

stderr_logfile=syslog

* 使用nginx代理（启用ssl）

a: 编辑/home/sentry/.sentry/sentry.conf.py 启用以下部分

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

SESSION_COOKIE_SECURE = True

CSRF_COOKIE_SECURE = True

b: 编辑/etc/nginx/conf.d/sentry.conf

upstream sentry {

server localhost:9000 weight=9;

}

server {

listen 443 ssl;

server_name sentry.domain.com;

client_max_body_size 50M;

client_body_buffer_size 256k;

ssl on;

ssl_certificate /etc/nginx/ssl/xxxx.pem;

ssl_certificate_key /etc/nginx/ssl/xxxx.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

access_log /var/log/nginx/sentry.access.log;

error_log /var/log/nginx/sentry.error.log;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_redirect off;

location / {

proxy_pass http://sentry;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

add_header Strict-Transport-Security "max-age=31536000";

}

}

server {

listen 80;

server_name sentry.domain.com;

client_max_body_size 50M;

location / {

if ($request_method = GET) {

rewrite ^ https://$host$request_uri? permanent;

}

return 405;

}

}