Skip to content
This repository was archived by the owner on Aug 14, 2024. It is now read-only.

docs(onpremise): Document adding custom CA roots #369

Merged
merged 5 commits into from
Jul 30, 2021
Merged

docs(onpremise): Document adding custom CA roots #369

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e959403
docs(onpremise): Document adding custom CA roots
Spice-King Jul 1, 2021
5205e43
Picking a few nits
chadwhitacre Jul 16, 2021
9e23d40
A couple more small changes
chadwhitacre Jul 16, 2021
c1c71dc
Add links and note on relation to defaults
chadwhitacre Jul 16, 2021
2c51d57
Apply suggestions from code review
BYK Jul 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/components/sidebar.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,7 @@ export default () => {
</div>
<ul className="list-unstyled" data-sidebar-tree>
<SidebarLink to="/self-hosted/">Overview</SidebarLink>
<SidebarLink to="/self-hosted/custom-ca-roots/">Custom CA Roots</SidebarLink>
<SidebarLink to="/self-hosted/email/">Email</SidebarLink>
<SidebarLink to="/self-hosted/geolocation/">Geolocation</SidebarLink>
<SidebarLink to="/self-hosted/sso/">Single Sign-On (SSO)</SidebarLink>
Expand Down
22 changes: 22 additions & 0 deletions src/docs/self-hosted/custom-ca-roots.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
title: "Self-Hosted Custom CA Roots"
---

Starting with Sentry `21.8.0`, if you need to have Sentry access services which do not have TLS certificates from publicly trusted CA roots, it's now possible to easily add them to the containers. Just add the certificates to the `certificates` folder inside the root of your Sentry install and restart the containers. Your custom CA roots will be used in addition to the publicly trusted CA roots.

<Alert title="Note" level="info">
While you can run <a href="https://manpages.debian.org/buster/ca-certificates/update-ca-certificates.8.en.html"><code>update-ca-certificates</code></a> in each container, that will update the system's root bundle on disk, but does nothing for any copies in memory. Restarting the container will update the bundle and make sure it is used.
</Alert>

The container's logs will have the output from `update-ca-certificates` right at the start if there is a problem with a given certificate.

## Dependencies With Bundled Roots

Some dependencies have opted to bundle their own CA roots and ignore the system CA roots. Where known, they have been configured to use the system roots. If something seems to ignore the system roots, [create an issue](https://github.com/getsentry/onpremise/issues/new?template=bug.yml) so it can be tracked down and fixed.

### Overridden Bundled Roots

- Python
- `requests`
- `botocore`
- `grpc`
1 change: 1 addition & 0 deletions src/docs/self-hosted/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ You can find more about configuring Sentry at [the configuration section of our

Here is further information on specific configuration topics related to self-hosting:

- [Custom CA Roots](/self-hosted/custom-ca-roots/)
- [Email](/self-hosted/email/)
- [Geolocation](/self-hosted/geolocation/)
- [Single Sign-On (SSO)](/self-hosted/sso/)
Expand Down