Cannot telnet 2 servers through 9200 port

longtruonghnn · April 25, 2022, 5:41am

Hi all, i was deploy Vault and my project to 2 servers (A- Vault, B - my project), i wanna call B to A through 9200 port, but always response error : connection timeout, however when i called from local to A always had response data,
ps: my English not good, sorry about that
here is my Vault.hcl

default_lease_ttl = “24h”
disable_mlock = “true”
max_lease_ttl = “43800h”

backend “file” {
path = “/home/vault/config/data”
}

api_addr = “https://localhost:9200”
ui = “true”

plugin_directory = “/home/vault/plugins”
listener “tcp” {
address = “0.0.0.0:9200”
tls_cert_file = “/home/vault/config/vault.crt”
tls_client_ca_file = “/home/vault/config/root.crt”
tls_key_file = “/home/vault/config/vault.key”
}

my entrypoint.sh

#!/bin/bash

CONFIG_DIR=“/home/vault/config”
INIT_SCRIPT=“/home/vault/config/init.sh”
CA_CERT=“$CONFIG_DIR/root.crt”
CA_KEY=“$CONFIG_DIR/root.key”
TLS_KEY=“$CONFIG_DIR/vault.key”
TLS_CERT=“$CONFIG_DIR/vault.crt”
OPENSSL_CONFIG=“$CONFIG_DIR/vault.cnf”
CSR=“$CONFIG_DIR/vault.csr”

export VAULT_ADDR=“https://127.0.0.1:9200”
export VAULT_CACERT=“$CA_CERT”

function create_config {

cat > “$OPENSSL_CONFIG” << EOF

[req]
default_bits = 2048
encrypt_key = no
default_md = sha256
prompt = no
utf8 = yes

Speify the DN here so we aren’t prompted (along with prompt = no above).

distinguished_name = req_distinguished_name

Extensions for SAN IP and SAN DNS

req_extensions = v3_req

Be sure to update the subject to match your organization.

[req_distinguished_name]
C = US
ST = Maryland
L = x
O =x
CN = localhost

Allow client and server auth. You may want to only allow server auth.

Link to SAN names.

[v3_req]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
subjectAltName = @alt_names

Alternative names are specified as IP.# and DNS.# for IPs and

DNS accordingly.

[alt_names]
IP.1 = 127.0.0.1
DNS.1 = localhost
IP.2 = my ip
DNS.2 = localhost
IP.3 = my ip
DNS.3 = localhost
IP.4 =my ip
DNS.4 = localhost
IP.5 = my ipPreformatted text
DNS.5 = localhost
IP.6 = 0.0.0.0
DNS.6 = localhost
EOF
}

function gencerts {
create_config
openssl req
-new
-sha256
-newkey rsa:2048
-days 120
-nodes
-x509
-subj “/C=US/ST=Maryland/L=Immutability/O=Immutability LLC”
-keyout “$CA_KEY”
-out “$CA_CERT”

openssl genrsa -out “$TLS_KEY” 2048

openssl req
-new -key “$TLS_KEY”
-out “$CSR”
-config “$OPENSSL_CONFIG”

openssl x509
-req
-days 120
-in “$CSR”
-CA “$CA_CERT”
-CAkey “$CA_KEY”
-CAcreateserial
-sha256
-extensions v3_req
-extfile “$OPENSSL_CONFIG”
-out “$TLS_CERT”

openssl x509 -in “$TLS_CERT” -noout -text
chown -R nobody:nobody $CONFIG_DIR && chmod -R 777 $CONFIG_DIR
}

mkdir -p $CONFIG_DIR
gencerts

nohup vault server -log-level=debug -config /home/vault/config/vault.hcl &

VAULT_PID=$!

which bash
sleep 3
if [ -f “$INIT_SCRIPT” ]; then
/bin/bash $INIT_SCRIPT
fi

wait $VAULT_PID