Install Sentry On Ubuntu 18.04 Using Nginx And Let's Encrypt Certificates

This tutorial guides you through the setup process of Sentry (onpremise / self hosted) using Ubuntu 18.04, nginx as webserver and LetsEncrypt certificates.

First step is to get Ubuntu 18.04 up and running. In my case, I use a cloud server from Hetzner. You should use a server with at least 4GB or RAM, because the setup process checks for at least 2.5GB of RAM available for Docker. That’s why I chose a CX21 server.

First step is to update the system:

apt-get update
apt-get full-upgrade
reboot

Next step is to install Docker:

sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

When using a 64 bit environment, use the command below, otherwise check this link for the required command:

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

You can perform a check if docker has been installed successfully by running:

sudo docker run hello-world

There should be a ‘Hello World’ output if everything is working as expected.

Docker Compose

To install docker compose, run these commands (you can check for updated versions here):

sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Optional: If docker compose is not working after installation, you may have to create a symbolic link:

sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Install Sentry

To install Sentry itself, use these commands:

git clone https://github.com/getsentry/onpremise.git

Before installing Sentry, check for the configuration parameters here. After checking the page and configure the desired settings (e.g. mail), run:

./install.sh

After the installation process has finished, run this command to start Sentry:

docker-compose up -d

Install Nginx

After the installation of Sentry, you have to install nginx as kind of reverse proxy. To install nginx, run:

apt-get install nginx-full

After the setup has completed, replace the default site configuration by:

mv /etc/nginx/sites-available/default /etc/nginx/sites-available/old_default

Now, create a new default configuration (replace your.server.name):

server {
    listen   80;
    server_name your.server.name;

    location / {
        proxy_pass        http://localhost:9000;

        add_header Strict-Transport-Security "max-age=31536000";
    }
}

Now, check your configuration for errors:

sudo nginx -t

If everything is fine, reload nginx:

sudo systemctl reload nginx

When accessing http://your.server.name, you should be able to access your Sentry installation, but it is a HTTP connection. We want a HTTPS connection instead, so let’s install a LetsEncrypt certificate.

Install LetsEncrypt Certificate

Run these commands:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx

Run this command to get the desired certificate (replace your.server.name with the domain you want):

sudo certbot --nginx -d your.server.name

A wizard will guide you through the setup process.

If everything worked fine, you can check, if the automated certificate renewal works by running:

sudo certbot renew --dry-run

Setup a Firewall

To add some security, let’s configure a firewall. First, check the status by running:

sudo ufw status

Now, add the desired rule for ssh and nginx:

sudo ufw allow ssh
sudo ufw allow 'Nginx Full'

Enable the firewall by:

sudo ufw enable

Finished

Now, the server setup is finished. Be careful, that is a total basic setup. You have to know, what you do, before running this server in a productive environment!