diff --git a/src/components/sidebar.tsx b/src/components/sidebar.tsx index e58398dd0f..66d22d609c 100644 --- a/src/components/sidebar.tsx +++ b/src/components/sidebar.tsx @@ -112,7 +112,8 @@ export default () => { Geolocation Single Sign-On (SSO) Content Security Policy (CSP) - Reverse Proxy + Reverse Proxy + External Storage Troubleshooting Support diff --git a/src/docs/self-hosted/external-storage.mdx b/src/docs/self-hosted/external-storage.mdx new file mode 100644 index 0000000000..12e8d76616 --- /dev/null +++ b/src/docs/self-hosted/external-storage.mdx @@ -0,0 +1,84 @@ +--- +title: External Storage +--- + +In some cases, storing Sentry data on-disk is not really something people can do. Sometimes, it's better if they can offload it into some bucket storage (like AWS S3 or Google Cloud Storage). + + + After changing configuration files, re-run the ./install.sh script, to rebuild and restart the containers. See the configuration section for more information. + + +## Sentry + +The Sentry service has a abstraction called "filestore" that handles storing attachment, sourcemap (release artifacts), and replays. Filestore configuration for Sentry should be configured on the `sentry/config.yml` file. + +### Google Cloud Storage backend + +The configuration for GCS backend is pointed to `sentry.filestore.gcs.GoogleCloudStorage`. You will need to set `GOOGLE_APPLICATION_CREDENTIALS` environment variable. For more information, refer to the [Google Cloud documentation for setting up authentication](https://cloud.google.com/storage/docs/reference/libraries#setting_up_authentication). + +```yaml +filestore.backend: "gcs" +filestore.options: + bucket_name: "..." +``` + +### S3 backend + + + Although S3 support is available, it is not thoroughly tested and being used by Sentry SaaS internally. Therefore, it is not something that Sentry folks will offer very good support for it. + + +The configuration for S3-compatible backend is pointed to `sentry.filestore.s3.S3Boto3Storage`. + +```yaml +filestore.backend: 's3' +filestore.options: + bucket_acl: 'private' + default_acl: 'private' + access_key: '' + secret_key: '' + bucket_name: 'my-bucket' + region_name: 'auto' + endpoint_url: 'https://' # If you're not using AWS. + addressing_style: 'path' # For regular AWS S3, use "auto" or "virtual". For other S3-compatible API like MinIO or Ceph, use "path". + signature_version: 's3v4' +``` + +Refer to [botocore configuration](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html) for valid configuration values. + +## Vroom + +Vroom is the service that handles profiling. By default the data for profiling is saved on local filesystem. On self-hosted deployment, this should be done by overriding the `SENTRY_BUCKET_PROFILES` environment variable. It's also possible that additional environment variables should be added, depending on the backend of choice. + +### Google Cloud Storage backend + +You will need to set `GOOGLE_APPLICATION_CREDENTIALS` environment variable. For more information, refer to the [Google Cloud documentation for setting up authentication](https://cloud.google.com/storage/docs/reference/libraries#setting_up_authentication). + +```bash +gs://my-bucket +``` + +### S3 backend + + + Although S3 support is available, it is not thoroughly tested and being used by Sentry SaaS internally. Therefore, it is not something that Sentry folks will offer very good support for it. + + +```bash +# For regular AWS S3 +s3://my-bucket?awssdk=v1®ion=us-west-1&endpoint=amazonaws.com + +# For other S3-compatible APIs +s3://my-bucket?awssdk=v1®ion=any-region&endpoint=minio.yourcompany.com&s3ForcePathStyle=true&disableSSL +``` + +Additional environment variables should be provided: +- `AWS_ACCESS_KEY=foobar` +- `AWS_SECRET_KEY=foobar` +- `AWS_SESSION_TOKEN=foobar` (optional) + +Further explanation on the query string options: +- `region`: The AWS region for requests. +- `endpoint`: The endpoint URL (hostname only or fully qualified URI). +- `disableSSL`: A value of "true" disables SSL when sending requests. +- `s3ForcePathStyle`: A value of "true" forces the request to use path-style addressing.