How to install sentry on Debian 10 Buster with letsencrypt

by

1. Install package and create directory for sentry

apt install mc git build-essential apt-transport-https ca-certificates curl software-properties-common apache2 apache2-utils snapd ssl-cert sudo

2. Install docker

Get the gpg key for the docker repository

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -

Easy add docker repository to you apt debian 10

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian buster stable"

Next update apt cache and than can install docker-ce and docker-compose for sentry

apt-get update -y
apt-get install docker-ce -y

Next we need to get the newest docker-compose from github, because sentry needed it and no repository will give it to you. Just download the new bin from github and make it executable

sudo apt-get install docker-compose-plugin
mv /u

You can not check, if docker-compose is version 1.27.4 with the command

docker compose -v

3. Install sentry

mkdir /opt/sentry
cd /opt/sentry
git clone https://github.com/getsentry/onpremise.git
cd /opt/sentry/onpremise/
./install.sh

Now he create come default config files and download the images from docker. It will take some times. Answer the question “Would you like to create a user account now? [Y/n]:” with y. It will create the admin user for the backend.

4. Sentry configuration

sudo mv sentry/config.example.yml sentry/config.yml 
sudo mv sentry/sentry.conf.example.py sentry/sentry.conf.py
sudo mcedit sentry/config.yml
//Change mail.host: 'NAME.DE'
//Change mail.port: '587'
//Change mail.username: 'MAIL@NAME.DE'
//Change mail.password: '<…>'
//Change mail.use-tls: true
//Change mail.from: 'MAIL@NAME.DE'
//Change system.secret-key to '<…>'

So Sentry is installed and configured.

5. Install letsencrypt

Make sure snap core is up to date and download certbot for letsencrypt

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

First run the command to accept the terms and enter your mail address for certification process

sudo certbot --apache

Now everything is ready for letsencrypt certification process. You can get the certificate for your hostname with the command. Enter 1 for “Apache Web Server plugin (apache)”

sudo certbot certonly -d SENTRYDOMAIN.de

6. Create apache vhost and secure them with ssl

Next just configure the Apache webserver to serve the sentry create a new configuration file. Just edit YOUR_HOST_NAME with your hostname:

sudo mcedit /etc/apache2/sites-available/YOUR_HOST_NAME.conf 
 NameVirtualHost *:443
 <VirtualHost *:443>
 SSLEngine on
 ServerAdmin root@localhost
 ServerName YOUR_HOST_NAME
 SSLProxyEngine On
 ProxyPass / http://localhost:9000/
 ProxyPassReverse / http://localhost:9000/
     SSLCertificateFile /etc/letsencrypt/live/YOUR_HOST_NAME/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/YOUR_HOST_NAME/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>

Enable the apache sentry configuration and restart the apache web server:

sudo ln -s /etc/apache2/sites-available/YOUR_HOST_NAME.conf /etc/apache2/sites-enabled/100-YOUR_HOST_NAME.conf
sudo a2enmod ssl proxy proxy_http proxy_ajp
sudo service apache2 restart

Start sentry in docker and apply config changes

cd /opt/sentry/onpremise/
./install.sh
sudo docker compose up -d

fine

Leave a Comment