diff --git a/site-modules/profile/manifests/sentry.pp b/site-modules/profile/manifests/sentry.pp
index f8e843d4..c1888218 100644
--- a/site-modules/profile/manifests/sentry.pp
+++ b/site-modules/profile/manifests/sentry.pp
@@ -1,121 +1,122 @@ # Deploy a Sentry instance class profile::sentry { include profile::docker include profile::docker_compose $onpremise_dir = '/var/lib/sentry-onpremise' $onpremise_repo = 'https://forge.softwareheritage.org/source/getsentry-onpremise.git' $onpremise_repo_branch = 'softwareheritage' vcsrepo {$onpremise_dir: ensure => latest, provider => 'git', source => $onpremise_repo, revision => $onpremise_repo_branch, notify => [ File_Line['sentry_environment_kafka'], Exec['run sentry-onpremise install.sh'], ], } $requirements_file = "${onpremise_dir}/sentry/requirements.txt" $config_yml = "${onpremise_dir}/sentry/config.yml" $config_py = "${onpremise_dir}/sentry/sentry.conf.py" file {$requirements_file: ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('profile/sentry/requirements.txt.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } # variables for config.yml $secret_key = lookup('sentry::secret_key') + $vhost_name = lookup('sentry::vhost::name') file {$config_yml: ensure => present, owner => 'root', group => 'root', mode => '0600', content => template('profile/sentry/config.yml.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } ##### # variables for sentry.conf.py # postgresql $postgres_host = lookup('sentry::postgres::host') $postgres_port = lookup('sentry::postgres::port') $postgres_dbname = lookup('sentry::postgres::dbname') $postgres_user = lookup('sentry::postgres::user') $postgres_password = lookup('sentry::postgres::password') # kafka $kafka_clusters = lookup('kafka::clusters', Hash) $kafka_cluster = lookup('sentry::kafka_cluster') $kafka_bootstrap_servers = $kafka_clusters[$kafka_cluster]['brokers'].keys.join(',') ##### file {$config_py: ensure => present, owner => 'root', group => 'root', mode => '0600', content => template('profile/sentry/sentry.conf.py.erb'), require => Vcsrepo[$onpremise_dir], notify => Exec['run 
sentry-onpremise install.sh'], } file_line {'sentry_environment_kafka': ensure => present, path => "${onpremise_dir}/.env", match => '^DEFAULT_BROKERS=', line => "DEFAULT_BROKERS=${kafka_bootstrap_servers}", require => Vcsrepo[$onpremise_dir], notify => Exec['run sentry-onpremise install.sh'], } $onpremise_flag = "${onpremise_dir}-installed" $onpremise_log = "/var/log/sentry-onpremise-install.log" exec {'check sentry-onpremise install flag': command => 'true', unless => "bash -c '[[ \"$(cat ${onpremise_flag})\" = \"$(git rev-parse HEAD)\" ]]'", cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], notify => Exec['run sentry-onpremise install.sh'], } exec {'run sentry-onpremise install.sh': command => "rm -f ${onpremise_flag}; (./install.sh && git rev-parse HEAD > ${onpremise_flag}) | tee -a ${onpremise_log}", timeout => 0, provider => shell, cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], environment => ["CI=yes"], refreshonly => true, require => [ Class['profile::docker'], Package['docker-compose'], File[$requirements_file, $config_yml, $config_py], ], notify => Exec['start sentry-onpremise docker compose'], } exec {'start sentry-onpremise docker compose': command => 'docker-compose up -d', timeout => 0, cwd => $onpremise_dir, path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin:/bin'], refreshonly => true, require => [ Class['profile::docker'], Package['docker-compose'], File[$requirements_file, $config_yml, $config_py], ], } } diff --git a/site-modules/profile/templates/sentry/config.yml.erb b/site-modules/profile/templates/sentry/config.yml.erb index 098ced01..18cdd169 100644 --- a/site-modules/profile/templates/sentry/config.yml.erb +++ b/site-modules/profile/templates/sentry/config.yml.erb 
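Review bot: The added `$vhost_name = lookup('sentry::vhost::name')` is untyped, yet config.yml.erb writes the value verbatim into a single-quoted YAML scalar and a URL. A Hiera value containing a quote, whitespace, a path or a scheme would therefore produce a malformed or unintended `system.url-prefix`. The manifest already constrains one lookup (`lookup('kafka::clusters', Hash)`), and the same can be done here with `$vhost_name = lookup('sentry::vhost::name', Stdlib::Fqdn)`, or `String[1]` if the installed stdlib lacks that alias. Catalog compilation then fails on a bad value instead of deploying it and re-running install.sh.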
@@ -1,73 +1,76 @@ # File managed by puppet (module profile::sentry), modifications will be lost! # While a lot of configuration in Sentry can be changed via the UI, for all # new-style config (as of 8.0) you can also declare values here in this file # to enforce defaults or to ensure they cannot be changed via the UI. For more # information see the Sentry documentation. ############### # Mail Server # ############### # mail.backend: 'smtp' # Use dummy if you want to disable email entirely mail.host: 'smtp' # mail.port: 25 # mail.username: '' # mail.password: '' # mail.use-tls: false # The email address to send on behalf of # mail.from: 'root@localhost' # If you'd like to configure email replies, enable this. # mail.enable-replies: true # When email-replies are enabled, this value is used in the Reply-To header # mail.reply-hostname: '' # If you're using mailgun for inbound mail, set your API key and configure a # route to forward to /api/hooks/mailgun/inbound/ # Also don't forget to set `mail.enable-replies: true` above. # mail.mailgun-api-key: '' ################### # System Settings # ################### # If this file ever becomes compromised, it's important to regenerate your a new key # Changing this value will result in all current sessions being invalidated. # A new key can be generated with `$ sentry config generate-secret-key` system.secret-key: '<%= @secret_key %>' +# Sentry URL prefix +system.url-prefix: 'https://<%= @vhost_name %>' + # The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis # clusters. These clusters can be then referred to by name when configuring # backends such as the cache, digests, or TSDB backend. # redis.clusters: # default: # hosts: # 0: # host: 127.0.0.1 # port: 6379 ################ # File storage # ################ # Uploaded media uses these `filestore` settings. The available # backends are either `filesystem` or `s3`. 
filestore.backend: 'filesystem' filestore.options: location: '/var/lib/sentry/files' # filestore.backend: 's3' # filestore.options: # access_key: 'AKIXXXXXX' # secret_key: 'XXXXXXX' # bucket_name: 's3-bucket-name' system.internal-url-prefix: 'http://web:9000' symbolicator.enabled: true symbolicator.options: url: "http://symbolicator:3021" transaction-events.force-disable-internal-project: true
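Review bot: The new `system.url-prefix` hard-codes `https://`, but nothing in this diff shows the matching TLS-proxy settings, and the internal prefix further down is plain `http://web:9000`. Sentry builds absolute links (notification e-mails, DSNs) from this value. If TLS is terminated by a reverse proxy, sentry.conf.py.erb (not part of this change) presumably needs `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` together with `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True`, which is worth confirming. The one-line comment could also record the constraint, e.g. `# Public base URL (no trailing slash); must match the TLS vhost served by the reverse proxy`.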