I am trying to run Vault with docker-compose on an Ubuntu 20.04 virtual machine (IP: 192.168.56.9). Without HTTPS it already works fine, but when I try to put Vault on HTTPS with a self-signed certificate from OpenSSL, it doesn’t work.
Thanks for the answer. I didn’t know that I had to copy/mount my certificates into my container… I’m a beginner with Vault and Docker.
So how do I proceed? First I create my .key and my .csr and I can put them in a volume such as my “volume_test”? Then when I run my docker-compose, my container will be set up with my volume “volume_test” with the .key and the .csr on it?
Then I run vault server -config vault.hcl and I try to see if https://192.168.56.9 is enabled. I get a message from Firefox saying that my certificate is not secure because it is self-signed, and I get this message:
Vault UI is not available in this binary.
To get Vault UI do one of the following:
Download an official release
Run make bin to create your own release binaries.
Run make dev-ui to create a development binary with the UI.
Can you explain to me why I don’t have the UI?
I will try with docker-compose once I am able to do it this way!
General question: Is there a reason why you built the image yourself and did not use the official one from Docker Hub? Your problem may then be solved. I’ve seen the error message with the binary before, but I first have to see what it was.
Where do you run vault server... ? On your local machine? Your container should do this. Is Vault installed on your local machine using Homebrew? I am very confused about what’s going on.
If I run the docker-compose build command without the lines tls_cert_file and tls_key_file, and replace https with http in my docker-compose file and my vault.hcl file, everything works correctly.
If I run the docker-compose command with the lines tls_cert_file and tls_key_file and with https in place of http, the logs of my container are:
Error initializing listener of type tcp: error loading TLS cert: open /home/xxx/Vault-Docker/domain.crt: no such file or directory
Whereas when I run this command:
vault server -config vault-config.hcl
With the lines tls_cert_file and tls_key_file and with https in my files (as shown in the docker-compose.yaml file and vault-conf.hcl in this reply), everything works fine.
I do all my manipulations on an Ubuntu 20.04 VM in which I want to create a Docker container with Vault. I don’t really understand why in the first case (via the docker-compose command) I can’t set up a container with Vault on HTTPS.
Thanks again for the help you provide to the beginner that I am.
You’ll have to mount/copy the certs into the container. Your container doesn’t know anything about /home/xxx/Vault-Docker. If you run the command locally it’ll work, because the path is correct and available. In your docker-compose there is a mount /vault/certs. You’ll have to create this directory locally and copy the certs into it. Then your vault-config.hcl should point - in case of the tls-parameters - to this directory.
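A preflight check for the failure discussed in this thread, added here as an example and not code from any poster: it confirms that every tls_cert_file / tls_key_file path in the Vault config lies under the container-side mount point and exists in the host directory mounted there. The function names, the domain.key file name and the two sample .hcl files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# check_tls_paths CONFIG HOST_DIR CONTAINER_DIR   (hypothetical helper)
# Every tls_cert_file / tls_key_file in CONFIG must sit under CONTAINER_DIR (the
# mount target) and exist in HOST_DIR (the host directory mounted there).
# Returns 0 if all resolve, 1 if any does not, 2 if the config names no TLS files.
check_tls_paths() {
    config=$1 host_dir=$2 container_dir=$3 rc=0
    paths=$(sed -n -E 's/^[[:space:]]*tls_(cert|key)_file[[:space:]]*=[[:space:]]*"([^"]*)".*/\2/p' "$config")
    [ -n "$paths" ] || { echo "no tls_cert_file/tls_key_file in $config"; return 2; }
    for p in $paths; do            # paths containing spaces are not handled
        case $p in
            "$container_dir"/*)
                rel=${p#"$container_dir"/}
                if [ -f "$host_dir/$rel" ]; then
                    echo "ok: $p <- $host_dir/$rel"
                else
                    echo "missing on host: $host_dir/$rel (wanted as $p)"; rc=1
                fi ;;
            *)  echo "not under $container_dir: $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample data: empty stand-in cert files and two listener stanzas,
# one using the host path from the thread, one using the mounted path.
write_sample() {
    mkdir -p "$1/certs"
    : > "$1/certs/domain.crt"; : > "$1/certs/domain.key"
    for dir in /home/xxx/Vault-Docker /vault/certs; do
        name=host-path; [ "$dir" = /vault/certs ] && name=mounted
        printf 'listener "tcp" {\n  tls_cert_file = "%s/domain.crt"\n  tls_key_file  = "%s/domain.key"\n}\n' \
            "$dir" "$dir" > "$1/$name.hcl"
    done
}

d=$(mktemp -d) && write_sample "$d"
check_tls_paths "$d/host-path.hcl" "$d/certs" /vault/certs || echo "=> fix the config or the mount"
check_tls_paths "$d/mounted.hcl" "$d/certs" /vault/certs
```

Run it against the real vault-config.hcl and the local directory that docker-compose mounts at /vault/certs before starting the container.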