Error while sending envelope from app in a docker image

[UltimateDoge5]

Environment

I'm running my app on my own Dockerimage with ffmpeg.

App works fine on my windows machine and local linux server.

Rust deps

[dependencies]
tokio = { version = "1.38.0", features = ["full"] }
tower = { version = "0.4.13", features = ["util"] }
futures = "0.3.30"
sentry = "0.34.0"
sentry-tracing = "0.34.0"
sentry-tower = { version = "0.34.0", features = ["axum", "http"] }
tower-http = { version = "0.5.0", features = ["cors", "limit", "trace"] }
axum = { version = "0.7.5", features = ["multipart", "macros"] }
rand = "0.9.0-alpha.1"
serde = { version = "1.0.203", features = ["derive"] }
tracing = "0.1.40"
tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
log = "0.4.21"
uuid = { version = "1.8.0", features = ["v4"] }

Dockerfile

# syntax=docker/dockerfile:1
# Create a stage for building the application.

ARG RUST_VERSION=1.78.0
ARG APP_NAME=audio_shuffle
ARG PORT
ARG ENV=production
ARG RUST_LOG=info

FROM rust:${RUST_VERSION}-slim-bullseye AS build
ARG APP_NAME
WORKDIR /app
COPY . .

# Build the application.
# Leverage a cache mount

# Get openssl so the app can build
RUN apt-get -y update && apt-get -y upgrade && apt-get install -y --no-install-recommends libssl-dev pkg-config

RUN --mount=type=cache,id=s/69f38038-80cf-45da-9f9a-fda197035839-/root/cargo/git,target=/root/.cargo/git\
     --mount=type=cache,id=s/69f38038-80cf-45da-9f9a-fda197035839-/root/cargo/registry,target=/root/.cargo/registry\
     --mount=type=cache,id=s/69f38038-80cf-45da-9f9a-fda197035839-target,target=/app/target

RUN cargo build --locked --release
RUN cp ./target/release/$APP_NAME /bin/server


FROM debian:bullseye-slim AS final

# Install ffmpeg
# Installing openssl doesn't seem to fix things while running
RUN apt-get -y update && apt-get -y upgrade && apt-get install -y --no-install-recommends ffmpeg libssl-dev pkg-config

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    appuser
USER appuser

# Copy the executable from the "build" stage.
COPY --from=build /bin/server /bin/

# Expose the port that the application listens on.
EXPOSE $PORT

# For testing purposes
EXPOSE 3000

# What the container should run when it is started.
CMD ["/bin/server"]

Steps to Reproduce

1. Run the app in a docker container

Expected Result

Envelopes should be sent to the dsn successfuly.

Actual Result

Envelopes fail to be sent and silently fail.

Here are my logs from a locally hosted docker container

2024-06-13 18:44:28 2024-06-13T16:44:28.144595Z  INFO audio_shuffle: Working in dev environment
2024-06-13 18:44:28 2024-06-13T16:44:28.144811Z DEBUG audio_shuffle: Listening on port 3000
2024-06-13 18:44:28 [sentry] enabled sentry client for DSN (https://...)
2024-06-13 18:44:39 [sentry] Failed to send envelope: error sending request for url (https://...)
2024-06-13 18:44:39 [sentry] Failed to send envelope: error sending request for url (https://...)

main.rs

use std::env;
use axum::Router;
use axum::extract::DefaultBodyLimit;
use axum::http::{HeaderValue, Method};
use axum::routing::{get, post};
use sentry_tower::{NewSentryLayer, SentryHttpLayer};
use sentry_tracing::EventFilter;
use tokio::net::TcpListener;
use tower::ServiceBuilder;
use tower_http::cors::{Any, CorsLayer};
use tower_http::limit::RequestBodyLimitLayer;
use tracing::{info, debug};
use tracing_subscriber::layer::SubscriberExt;
use tracing_subscriber::util::SubscriberInitExt;
use crate::handlers::handle_audio;

mod decode;
mod stitch;
mod handlers;
mod transformer;

fn main() {
	let _guard = sentry::init(("https://...", sentry::ClientOptions {
		release: sentry::release_name!(),
		debug: true,
		sample_rate: 1.0,
		traces_sample_rate: 1.0,
		environment: Some(env::var("ENV").unwrap_or("dev".to_string()).into()),
		..Default::default()
	}));

	let sentry_layer = sentry_tracing::layer().event_filter(|md| match md.level() {
		&tracing::Level::ERROR => EventFilter::Event,
		_ => EventFilter::Ignore,
	});

	tracing_subscriber::registry()
		.with(
			tracing_subscriber::EnvFilter::try_from_default_env()
				.unwrap_or_else(|_| "audio_shuffle=debug".into()),
		)
		.with(tracing_subscriber::fmt::layer())
		.with(sentry_layer)
		.init();

	tokio::runtime::Builder::new_multi_thread()
		.enable_all()
		.build()
		.unwrap()
		.block_on(async {
			info!("Working in {} environment", env::var("ENV").unwrap_or("dev".to_string()));
			let allowed_origins = if env::var("ENV").unwrap_or("dev".to_string()) == "production" { "https://audio-shuffle.pages.dev" } else { "*" };

			//Create the tmp directory if it doesn't exist
			tokio::fs::create_dir("tmp").await.ok();

			let sentry_layer = ServiceBuilder::new()
				.layer(NewSentryLayer::new_from_top())
				.layer(SentryHttpLayer::with_transaction());x

			let app = Router::new()
				.route("/", get(|| async { "Yes I'm here" }))
				.route("/audio", post(handle_audio))
				.layer(DefaultBodyLimit::disable())
				.layer(RequestBodyLimitLayer::new(
					100 * 1024 * 1024, // 100 MB
				))
				.layer(CorsLayer::new()
					.allow_origin(allowed_origins.parse::<HeaderValue>().unwrap())
					.allow_methods([Method::POST, Method::OPTIONS])
					.allow_headers(Any)
				)
				.layer(sentry_layer);

			let port = env::var("PORT").unwrap_or("3000".to_string());
			debug!("Listening on port {}", port);
			let listener = TcpListener::bind(format!("0.0.0.0:{}", port)).await.unwrap();
			axum::serve(listener, app).await.unwrap();
		})
}

[UltimateDoge5]

After comparing the installed apt packages between my local server and the docker image, I ended up installing the ca-certificates package which fixed the problem. Though I still think that an error about failed sentry requests shouldn't fail silently.