Redirect doesn't use SSL

[bmaynard]

After upgrading from 3.8.X to 4.0.2, any redirects from sentry doesn't include https. I have the following setting in sentry.conf.py:

SENTRY_URL_PREFIX = 'https://sentry.blah.com'

but after an action that redirects eg: saving, it redirects to http://sentry.blah.com

[dcramer]

This is likely because the application doesn't realize you're actually using SSL (even though you've set the URL prefix). This is currently a known issue that
not everything respects SENTRY_URL_PREFIX (but rather, many respect env[SCRIPT_NAME] and what not).

David Cramer

twitter.com/zeeg
disqus.com/zeeg

On Monday, April 16, 2012 at 8:59 AM, Ben Maynard wrote:

After upgrading from 3.8.X to 4.0.2, any redirects from sentry doesn't include https. I have the following setting in sentry.conf.py:

SENTRY_URL_PREFIX = 'https://sentry.blah.com'

but after an action that redirects eg: saving, it redirects to http://sentry.blah.com

---

Reply to this email directly or view it on GitHub:
https://github.com/dcramer/sentry/issues/429

[ghost]

My above issue seems to have resolved itself after I upgraded from 4.0.10 to 4.0.11!

[yuris]

I'm still experiencing this issue

[jwineinger]

I am seeing this as well. I am hosting sentry via nginx with SSL at the root of a domain. When viewing the dashboard, clicking a project link redirects to http to display the project's stream.

I do have SENTRY_URL_PREFIX set to the appropriate https URL.

[llonchj]

same problem here w/Nginx + uWsgi + Sentry 5.4.5

[dcramer]

You'll need to do some special configuration for SSL

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Then send the X_FORWARDED_PROTO header in Nginx

[llonchj]

David,

I must be doing something wrong, it does not work for me.

1. Added to the server section in nginx conf:

proxy_set_header X-Forwarded-Proto $scheme;

2. Added the SECURE_PROXY_SSL_HEADER to sentry.conf

Using uwsgi in emperor mode and by accessing https://${virtual_host_address} ends up redirecting to https://${fqdn}/login/

[pid: 10663|app: 0|req: 4/7] 116.250.217.134 () {42 vars in 817 bytes} [Sun Jun 23 18:07:11 2013] GET / => generated 0 bytes in 5 msecs (HTTP/1.1 302) 4 headers in 160 bytes (1 switches on core 0)

Have you got any idea?
Thanks

[dcramer]

And you've also set SENTRY_URL_PREFIX ?

On Sunday, June 23, 2013 at 11:10 AM, Jordi Llonch wrote:

David,
I must be doing something wrong, it does not work for me.

1. Added to the server section in nginx conf:
   proxy_set_header X-Forwarded-Proto $scheme;
2. Added the SECURE_PROXY_SSL_HEADER to sentry.conf
   Using uwsgi in emperor mode and by accessing https://${virtual_host_address} ends up redirecting to https://${fqdn}/login/
   [pid: 10663|app: 0|req: 4/7] 116.250.217.134 () {42 vars in 817 bytes} [Sun Jun 23 18:07:11 2013] GET / => generated 0 bytes in 5 msecs (HTTP/1.1 302) 4 headers in 160 bytes (1 switches on core 0)
   Have you got any idea?
   Thanks

—
Reply to this email directly or view it on GitHub (#429 (comment)).

[llonchj]

Yes,

SENTRY_URL_PREFIX=https://${virtual_host_address}

It looks to me that internal redirections are not forwarded to the right url.

[dcramer]

And you've added everything per the documentation? http://sentry.readthedocs.org/en/latest/quickstart/index.html#setup-a-reverse-proxy

Otherwise if you could put your Nginx config here, that would help

[llonchj]

I am using uwsgi. Does proxy_* settings being honored under uwsgi_pass?

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/sentry.sock;

        uwsgi_connect_timeout 180;
        uwsgi_send_timeout 300;
        uwsgi_read_timeout 600;
    }

I have found the recipe "Running the Sentry server via uWSGI" in http://projects.unbit.it/uwsgi/wiki/TipsAndTricks , works well under http but not in httpS

[dcramer]

You have to use the uwsgi proxy settings IIRC, but to be honest, it's not a documented method (for Sentry) so you're kind of on your own.

On Sunday, June 23, 2013 at 11:25 AM, Jordi Llonch wrote:

I am using uwsgi. Does proxy_* settings being honored under uwsgi_pass?
location / { include uwsgi_params; uwsgi_pass unix:/run/uwsgi/sentry.sock; uwsgi_connect_timeout 180; uwsgi_send_timeout 300; uwsgi_read_timeout 600; }
I have found the recipe "Running the Sentry server via uWSGI" in http://projects.unbit.it/uwsgi/wiki/TipsAndTricks , works well under http but not in httpS

—
Reply to this email directly or view it on GitHub (#429 (comment)).

[llonchj]

Thanks @dcramer, I'll try and come back to you with the outcome if you're interested to document and support the feature in Sentry.

[dcramer]

That would be great. We try to fully support embedded WSGI applications (via sentry.wsgi), it's just not something we document, so there's that possibility as well.

On Sunday, June 23, 2013 at 11:29 AM, Jordi Llonch wrote:

Thanks @dcramer (https://github.com/dcramer), I'll try and come back to you with the outcome if you're interested to document and support the feature in Sentry.

—
Reply to this email directly or view it on GitHub (#429 (comment)).

[llonchj]

That's the solution: add UWSGI_SCHEME into nginx as documented in http://stackoverflow.com/questions/7339666/unwanted-https-http-redirects-with-nginx-uwsgi-flask-app

uwsgi_param UWSGI_SCHEME $scheme;

I will fork sentry and contribute on the docs. English is not my main language, feel free to change anything after the PR.

Thanks for your help, @dcramer.