sentry 部署

一 准备：机器及域名

      * 机器： 阿里云ecs

      * 域名：sentry.domain.com   

二： 基础环境安装

* 安装 node version>=8.0

     curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -

     apt-get install -y nodejs

*  安装依赖库

 apt-get install -y python-virtualenv python-setuptools gcc python-dev libxslt1-dev  libffi-dev libjpeg-dev libxml2-dev libxslt-dev libyaml-dev

 apt-get install -y postgresql-server-dev-9.5 supervisor postgresql redis-server nginx

*  添加用户

sudo useradd -m sentry

*  初始化数据库

sudo su - postgres

psql template1

create extension citext;

create user sentry with password 'sentry';

create database sentrydb with owner sentry;

\q

exit

* 初始化sentry

 sudo su - sentry

virtualenv /opt/sentry

source /opt/sentry/bin/activate

pip install -U sentry

 sentry init

*  配置 sentry

vim /home/sentry/.sentry/sentry.conf.py

DATABASES = {

    'default': {

        'ENGINE': 'sentry.db.postgres',

        'NAME': 'sentrydb',

        'USER': 'sentry',

        'PASSWORD': 'sentry', # <-- or whatever you set with the psql command

        'HOST': 'localhost',

        'PORT': '5432',

    }

}

* sentry upgrade 设置管理员账户

* 设置sentry 守护进程

vim /etc/supervisor/conf.d/sentry.conf

[program:sentry-web]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run web

autostart=true

autorestart=true

redirect_stderr=true

user=sentry

stdout_logfile=syslog

stderr_logfile=syslog

[program:sentry-worker]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run worker

autostart=true

autorestart=true

redirect_stderr=true

user=sentry

stdout_logfile=syslog

stderr_logfile=syslog

[program:sentry-cron]

directory=/opt/sentry/

environment=SENTRY_CONF="/home/sentry/.sentry"

command=/opt/sentry/bin/sentry run cron

autostart=true

autorestart=true

redirect_stderr=true

stdout_logfile=syslog

stderr_logfile=syslog

*  使用nginx代理（启用ssl）

a:  编辑/home/sentry/.sentry/sentry.conf.py 启用以下部分

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

SESSION_COOKIE_SECURE = True

CSRF_COOKIE_SECURE = True

b:  编辑/etc/nginx/conf.d/sentry.conf

upstream sentry {

    server localhost:9000 weight=9;

}

server {

    listen      443 ssl;

    server_name  sentry.domain.com;

    client_max_body_size 50M;

    client_body_buffer_size 256k;

    ssl on;

    ssl_certificate    /etc/nginx/ssl/xxxx.pem;

    ssl_certificate_key /etc/nginx/ssl/xxxx.key;

    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    access_log  /var/log/nginx/sentry.access.log;

    error_log  /var/log/nginx/sentry.error.log;

    proxy_set_header  Host                $http_host;

    proxy_set_header  X-Forwarded-Proto    $scheme;

    proxy_set_header  X-Forwarded-For      $remote_addr;

    proxy_redirect    off;

    location / {

        proxy_pass http://sentry;

        proxy_redirect  off;

        proxy_set_header  Host              $host;

        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        proxy_set_header  X-Forwarded-Proto $scheme;

        add_header Strict-Transport-Security "max-age=31536000";

    }

}

server {

    listen  80;

    server_name sentry.domain.com;

    client_max_body_size 50M;

    location / {

      if ($request_method = GET) {

        rewrite  ^ https://$host$request_uri? permanent;

      }

      return 405;

    }

}

* 访问sentry https://sentry.domain.com