diff --git a/develop-docs/backend/application-domains/pii/index.mdx b/develop-docs/backend/application-domains/pii/index.mdx index 46ca1dc7f7ba3..60faf69d52210 100644 --- a/develop-docs/backend/application-domains/pii/index.mdx +++ b/develop-docs/backend/application-domains/pii/index.mdx @@ -68,39 +68,6 @@ some SDK. Go to our PII config editor [Piinguin], and: 3. Paste in other payloads and see if they look fine, go to step **2** if necessary. -After iterating on the config, paste it back into the project config located at -`.relay/projects/.json` - -For example: - -```json -{ - "publicKeys": [ - { - "publicKey": "___PUBLIC_KEY___", - "isEnabled": true - } - ], - "config": { - "allowedDomains": ["*"], - "piiConfig": { - "rules": { - "device_id": { - "type": "pattern", - "pattern": "d/[a-f0-9]{12}", - "redaction": { - "method": "hash" - } - } - }, - "applications": { - "freeform": ["device_id"] - } - } - } -} -``` - [advanced data scrubbing]: https://docs.sentry.io/product/data-management-settings/scrubbing/advanced-datascrubbing/ [relay]: https://github.com/getsentry/relay [piinguin]: https://getsentry.github.io/piinguin diff --git a/docs/product/relay/getting-started.mdx b/docs/product/relay/getting-started.mdx index 04c8e2263e5b7..1eddbe93d7565 100644 --- a/docs/product/relay/getting-started.mdx +++ b/docs/product/relay/getting-started.mdx @@ -55,12 +55,6 @@ _"create custom config"_ and customizing these parameters: - The `mode` setting, which configures the major mode in which Relay operates. For more information on available Relay modes, refer to [Relay Modes](../modes/). - - - Currently, only `proxy` and `static` mode are available to all organizations. Relay in `managed` mode is available only on the [Business and Enterprise plans](https://sentry.io/pricing/). - - - - The `upstream` setting configures the server to which Relay will forward the events (by default the main `sentry.io` URL). @@ -96,7 +90,7 @@ Configurations are fully documented in [Configuration Options](../options/). -Not applicable in `proxy` or `static` mode. +Not applicable in `proxy` mode. @@ -120,7 +114,7 @@ Use the `public_key` to register your Relay with the upstream server when runnin -Not applicable in `proxy` or `static` mode. +Not applicable in `proxy` mode. diff --git a/docs/product/relay/index.mdx b/docs/product/relay/index.mdx index d843004d192c8..5dc0e8dc4d4d2 100644 --- a/docs/product/relay/index.mdx +++ b/docs/product/relay/index.mdx @@ -12,12 +12,6 @@ Relay is specifically designed to: - Improve event response time in regions with low bandwidth or limited connectivity - Act as an opaque proxy for organizations that restrict all HTTP communication to a custom domain name - - -Relay in `managed` mode is available only on the [Business and Enterprise plans](https://sentry.io/pricing/). - - - ## Use Cases for Relay Relay is designed to support organizations that have specific enterprise security requirements for data scrubbing of personally identifiable information (PII), response time, and enterprise domain management. diff --git a/docs/product/relay/modes/index.mdx b/docs/product/relay/modes/index.mdx index e8ce65dab5e59..0598eab945190 100644 --- a/docs/product/relay/modes/index.mdx +++ b/docs/product/relay/modes/index.mdx @@ -6,13 +6,7 @@ sidebar_order: 2 Relay can operate in one of several major modes, and it is critical to understand the modes prior if you are configuring the Relay server rather than using the default settings. -The mode is stored in the configuration file, which contains the `relay.mode` field. This field specifies the mode in which Relay will run: `managed`, `static`, or `proxy`. The Relay mode controls the way Relay obtains project settings for events. - - - -Relay in `managed` mode is available only on the [Business and Enterprise plans](https://sentry.io/pricing/). - - +The mode is stored in the configuration file, which contains the `relay.mode` field. This field specifies the mode in which Relay will run: `managed` or `proxy`. The Relay mode controls whether or not Relay obtains project settings for events. In Sentry, event processing is configured according to both project and organization settings. Some settings, such as privacy controls, are set at the organization level, then inherited by all projects in that organization; other settings are specified per project. For Relay, events are processed according to the inherited project settings to which the event is sent. @@ -34,43 +28,13 @@ relay: mode: managed ``` -## Static Mode - -In static mode, projects must be configured manually. In this mode, Relay will process events for only statically configured projects, and reject events for all other projects. - -This mode is useful when you know the projects sending events and you need to explicitly control the projects allowed to send events through this Relay. - - - -In `static` mode, Relay does not register with upstream since it does not query -information from it. After processing events for configured projects, it -forwards them upstream with the authentication information (DSN) set by -the client that sent the original request. - - - -To activate static mode, set this configuration: - -```yaml -relay: - mode: static -``` - -To configure projects, add files using the format `projects/.json` to your Relay configuration folder. For a description of the contents of this file, -refer to [Project Configuration](/product/relay/projects/). - ## Proxy Mode -Proxy mode is similar to `static` mode, but it forwards events from unknown -projects. In this mode, events for statically configured projects are handled -identically to `static` mode. Events for unknown projects -- projects for which -there are no statically configured settings -- are forwarded (proxied) with -minimal processing. +Proxy mode forwards all events with minimal processing and does not receive any project settings from Sentry. -Rate limiting is still applied in `proxy` mode for all projects, -regardless of whether they are statically configured or proxied. +Rate limiting is still applied in `proxy` mode for all projects. @@ -80,3 +44,8 @@ To activate proxy mode, set this configuration: relay: mode: proxy ``` + +## Static Mode + +Static mode has been deprecated as of Relay version 25.9.0. Please use `managed` or `proxy` mode instead. When switching to `managed` mode don't forget to migrate any data scrubbing rules in your config directory by [configuring them in the Sentry UI](/security-legal-pii +/scrubbing/). diff --git a/docs/product/relay/modes/pii-and-data-scrubbing.mdx b/docs/product/relay/modes/pii-and-data-scrubbing.mdx deleted file mode 100644 index 13cb8009fb9cd..0000000000000 --- a/docs/product/relay/modes/pii-and-data-scrubbing.mdx +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: PII and Data Scrubbing in Relay Static Mode -description: "Syntax and semantics of the configuration for advanced data scrubbing, as consumed and executed by Relay." -sidebar_order: 7 ---- - -The following document explores the syntax and semantics of the configuration for [Advanced Data Scrubbing], as consumed and executed by [Relay]. Sometimes, this is also referred to as PII scrubbing. - - - -This guide applies when you are running Relay in [Static Mode](/product/relay/modes/), and you do not want sensitive data to leave your premises. -If you are running Managed Mode, _or_ you are OK with sensitive data being scrubbed by Sentry's own servers, refer to [Server-Side Data Scrubbing](/security-legal-pii/scrubbing/server-side-scrubbing/) instead. - - - -## A Basic Example - -If you have an exception message which contains IP addresses that are not supposed to be there, you'd write: - -```json -{ - "applications": { - "$string": ["@ip:replace"] - } -} -``` - -It reads as "replace all IP addresses in all strings", or "apply `@ip:replace`to all `$string` fields". - -`@ip:replace` is called a rule, and `$string` is a selector. - -## Built-in Rules - -The following rules exist by default: - -- `@ip:replace` and `@ip:hash` for replacing IP addresses. -- `@imei:replace` and `@imei:hash` for replacing IMEIs. -- `@mac:replace`, `@mac:mask` and `@mac:hash` for matching MAC addresses. -- `@email:mask`, `@email:replace` and `@email:hash` for matching email addresses. -- `@creditcard:mask`, `@creditcard:replace` and `@creditcard:hash` for matching credit card numbers. -- `@userpath:replace` and `@userpath:hash` for matching local paths (e.g.`C:/Users/foo/`). -- `@password:remove` for removing passwords. In this case, we're pattern matching against the field's key, whether it contains `password`, `credentials`, or similar strings. -- `@anything:remove`, `@anything:replace` and `@anything:hash` for removing, replacing, or hashing any value. It's essentially equivalent to a wildcard-regex, but will also match more than strings. - -## Writing Your Own Rules - -Rules generally consist of two parts: - -- _Rule types_ describe what to match. See PII Rule Types for an exhaustive list. -- _Rule redaction methods_ describe what to do with the match. See PII Redaction Methods for a list. - -Each page has examples. Try them by pasting them into the -"PII config" column of [Piinguin] and clicking on fields to get suggestions. - -## Interactive Editing - -The easiest way to go about this is if you already have a raw JSON payload from some SDK. Go to our PII config editor [Piinguin], and: - -1. Paste in a raw event -2. Click on data you want eliminated -3. Paste in other payloads and see if they look ok, go back to step **2** if necessary. - -After iterating on the config, paste it back into the project config located at `.relay/projects/.json` - -For example: - -```json -{ - "publicKeys": [ - { - "publicKey": "___PUBLIC_KEY___", - "isEnabled": true - } - ], - "config": { - "allowedDomains": ["*"], - "piiConfig": { - "rules": { - "device_id": { - "type": "pattern", - "pattern": "d/[a-f0-9]{12}", - "redaction": { - "method": "hash" - } - } - }, - "applications": { - "freeform": ["device_id"] - } - } - } -} -``` - -[advanced data scrubbing]: /platform-redirect/?next=/data-management/advanced-datascrubbing/ -[relay]: https://github.com/getsentry/relay -[piinguin]: https://getsentry.github.io/piinguin diff --git a/docs/product/relay/options.mdx b/docs/product/relay/options.mdx index 40c8aa799295e..b1d8211dba74c 100644 --- a/docs/product/relay/options.mdx +++ b/docs/product/relay/options.mdx @@ -24,7 +24,7 @@ Credentials can be initiated as described in the [getting started page](/product | key | type | value | description | | -------------------------- | ------- | --------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| relay.mode | String | default value: `managed` possible values: `managed, static, proxy, capture` optional: `false` | Controls how Relay obtains the project configuration for events. For detailed explanation of these modes, see [Relay Modes](/product/relay/modes/). `Environment variable: "RELAY_MODE."` | +| relay.mode | String | default value: `managed` possible values: `managed, proxy` optional: `false` | Controls how Relay obtains the project configuration for events. For detailed explanation of these modes, see [Relay Modes](/product/relay/modes/). `Environment variable: "RELAY_MODE."` | | relay.upstream | String | default value: `https://sentry.io` optional: `false` | Fully qualified URL of the upstream Relay or Sentry instance. `Environment variable: "RELAY_UPSTREAM_URL".` Relay doesn't check for cycles. Don't set this option to an endpoint that will cause events to be cycled back here. | | relay.host | String | default value: `0.0.0.0 in Docker, otherwise 127.0.0.1` optional: `false` | The host to which Relay should bind (network interface). `Environment variable: "RELAY_HOST".` | | relay.port | Integer | default value: `3000` optional: `false` | The port to which Relay should bind for the unencrypted Relay HTTP server. `Environment variable: "RELAY_PORT".` | diff --git a/docs/product/relay/projects.mdx b/docs/product/relay/projects.mdx deleted file mode 100644 index acf53b1508099..0000000000000 --- a/docs/product/relay/projects.mdx +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Project Configuration -description: "Configure the project settings when running Relay in static or proxy mode." -sidebar_order: 4 ---- - -When running Relay in either `static` or `proxy` mode, you can configure project settings on the file system. Static project configurations are found under the `projects` subdirectory of the Relay configuration directory, By default, this is located at `.relay/projects`. - - - -Relay in `managed` mode is available only on the [Business and Enterprise plans](https://sentry.io/pricing/). - - - -To configure projects, add files named `.json` in that location: - -``` -.relay/ -└── projects/ - ├── 17.json - ├── 21.json - └── 42.json -``` - -Project configurations are an extensible format, primarily consisting of optional -fields. The minimal configuration **must** contain the following fields: - -```json -{ - "publicKeys": [ - { - "publicKey": "___PUBLIC_KEY___", - "isEnabled": true - } - ], - "config": { - "allowedDomains": ["*"] - } -} -``` - -## Basic Options - -`disabled` - -Whether the project is disabled. If set to `true`, the Relay will drop all -events sent to this project. - -```json -{ - "disabled": false -} -``` - -`publicKeys` - -A list of known public keys (the public key in a DSN) and whether events using -that key should be accepted. - -```json -{ - "publicKeys": [ - { - "publicKey": "___PUBLIC_KEY___", - "isEnabled": true - } - ] -} -``` - -You can obtain the key by going into the _Sentry > Project Settings > Client Keys (DSN)_ . The public key can be extracted from the DSN. In this DSN, for example, `https://12345abcdb1e4c123490ecec89c1f199@o1.ingest.sentry.io/2244`, the key is `12345abcdb1e4c123490ecec89c1f199`. - -A project may contain multiple public keys, but only messages using enabled project keys will be processed. Likewise, keys can be disabled using the `isEnabled` flag. - -`config.allowedDomains` - -Configure _Origin_ or _Referer_ URLs from which Sentry should accept events. -This is corresponds to the _Allowed Domains_ setting in the Sentry UI. - - - -An empty list rejects all origins. Use the default `["*"]` to allow all origins. - - - -```json -{ - "config": { - "allowedDomains": ["mycompany.com"] - } -} -``` - -`config.features` - -Some Sentry product features are disabled by default in Relay, either because they are still experimental or because they are not available on all plans. In static mode, these features have to be enabled manually if needed. - -```json -{ - "config": { - "features": ["organizations:session-replay"] - } -} -``` - -A full list of features you can enable can be found [here](https://getsentry.github.io/relay/relay_dynamic_config/enum.Feature.html#variants). diff --git a/src/middleware.ts b/src/middleware.ts index 544ff5347a40a..d84e86501bf50 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -2437,18 +2437,10 @@ const USER_DOCS_REDIRECTS: Redirect[] = [ from: '/product/security/relay/', to: '/product/relay/', }, - { - from: '/meta/relay/projects/', - to: '/product/relay/projects/', - }, { from: '/meta/relay/getting-started/', to: '/product/relay/getting-started/', }, - { - from: '/meta/relay/pii-and-data-scrubbing/', - to: '/product/relay/pii-and-data-scrubbing/', - }, { from: '/meta/relay/options/', to: '/product/relay/options/',