getsentry · aldy505 · May 12, 2024 · May 18, 2024 · May 18, 2024 · Jul 21, 2024
diff --git a/src/components/sidebar.tsx b/src/components/sidebar.tsx
@@ -116,7 +116,8 @@ export default () => {
           <SidebarLink to="/self-hosted/geolocation/">Geolocation</SidebarLink>
           <SidebarLink to="/self-hosted/sso/">Single Sign-On (SSO)</SidebarLink>
           <SidebarLink to="/self-hosted/csp/">Content Security Policy (CSP)</SidebarLink>
-          <SidebarLink to="/self-hosted/reverse-proxy">Reverse Proxy</SidebarLink>
+          <SidebarLink to="/self-hosted/reverse-proxy/">Reverse Proxy</SidebarLink>
+          <SidebarLink to="/self-hosted/external-storage/">External Storage</SidebarLink>
           <SidebarLink to="/self-hosted/troubleshooting/">Troubleshooting</SidebarLink>
           <SidebarLink to="/self-hosted/support/">Support</SidebarLink>
         </ul>

diff --git a/src/docs/self-hosted/external-storage.mdx b/src/docs/self-hosted/external-storage.mdx
@@ -0,0 +1,89 @@
+---
+title: External Storage
+---
+
+<!-- Hello! If you're reading this, you're in luck because I can't decide whether to make.. wait let me copy the text from Discord.
+
+  I got some time before Monday to write up some docs about setting up an S3 storage for selfhosted instance, but I can't decide whether I should put it under a big "External Services" page, in which people can include external postgres, external redis, and that kind of things; or should I put it under a page called "External Storage"?
+
+  There. Please help me decide this. I'll delete this comment afterwards -->
+
+<Alert title="Note" level="info">
+    After changing configuration files, re-run the <code>./install.sh</code> script, to rebuild and restart the containers. See the <Link to="/self-hosted/#configuration">configuration section</Link> for more information.
+</Alert>
+
+<!-- Should we add a description about what "external storage" is? -->
+
+## Filestore
-## Filestore
+## Django Filestore
-## Filestore
+## Django Filestore
+
+Filestore handles storing attachment, sourcemap, and replays. Filestore configuration for Sentry should be configured on the `sentry/config.yml` file.
+
+### S3 backend
+
+The configuration for S3-compatible backend is pointed to `sentry.filestore.s3.S3Boto3Storage`.
+
+```yaml
+filestore.backend: 's3'
+filestore.options:
+  bucket_acl: 'private'
+  default_acl: 'private'
+  access_key: '<REDACTED>'
+  secret_key: '<REDACTED>'
+  bucket_name: 'my-bucket'
+  region_name: 'auto'
+  endpoint_url: 'https://<REDACTED>'
+  addressing_style: 'path' # For regular AWS S3, use "auto" or "virtual". For other S3-compatible API like MinIO or Ceph, use "path".
+  signature_version: 's3v4'
+```
+
+Refer to [botocore configuration](https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html) for valid configuration values.
+
+<!-- ### Google Cloud Storage backend
+
+I don't know how this works. The source code that points to this configurations: 
+- https://github.com/getsentry/sentry/blob/751ef4a029dda5802311fc424a5f63d72b7efd3d/src/sentry/conf/server.py#L2149
+- https://github.com/getsentry/sentry/blob/751ef4a029dda5802311fc424a5f63d72b7efd3d/src/sentry/filestore/gcs.py#L226-L245 -->
+
+## Vroom
+
+Vroom is the service that handles profiling. By default the data for profiling is saved on local filesystem. On self-hosted deployment, this should be done by overriding the `SENTRY_BUCKET_PROFILES` environment variable. It's also possible that additional environment variables should be added, depending on the backend of choice.
+
+### S3 backend
+
+```bash
+# For regular AWS S3
+s3://my-bucket?awssdk=v1&region=us-west-1&endpoint=amazonaws.com
+
+# For other S3-compatible API
+s3://my-bucket?awssdk=v1&region=any-region&endpoint=minio.yourcompany.com&s3ForcePathStyle=true&disableSSL=false
+```
+
+Additional environment variables should be provided:
+- `AWS_ACCESS_KEY=foobar`
+- `AWS_SECRET_KEY=foobar`
+- `AWS_SESSION_TOKEN=foobar` (optional)
+
+Further explanation on the query string options:
+- `region`: The AWS region for requests.
+- `endpoint`: The endpoint URL (hostname only or fully qualified URI).
+- `disableSSL`: A value of "true" disables SSL when sending requests.
+- `s3ForcePathStyle`: A value of "true" forces the request to use path-style addressing.
+
+### Azure Blob Storage backend
+
+```bash
+azblob://my-container?protocol=https&domain=yourcompany.blob.core.windows.net&localemu=false&cdn=false
+```
+
+Additional environment variables that should be provided (pick what's compatible with your configuration):
+- `AZURE_STORAGE_ACCOUNT=foobar` - The service account name. Required if used along with `AZURE_STORAGE_KEY`, because it defines authentication mechanism to be [azblob.NewSharedKeyCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob#NewSharedKeyCredential), which creates immutable shared key credentials. Otherwise, "storage_account" in the URL query string parameter can be used.
+- `AZURE_STORAGE_KEY=foobar` - To use a shared key credential alongside with `AZURE_STORAGE_ACCOUNT`.
+- `AZURE_STORAGE_SAS_TOKEN=foobar` - To use a SAS token
+
+Other authentication options and details can be found on the [gocloud.dev/blob/azblob's documentation](https://pkg.go.dev/[email protected]/blob/azureblob#hdr-URLs)
+
+Further explanation on the query string options:
+- `domain`: Your storage domain.
+- `protocol`: Network protocol (`http` or `https`).
+- `cdn`: A value of "true" specifies that the blob server is a CDN.
+- `localemu`: A value of "true" specifies that the blob server is a local emulator.