Terminating gateway errors with 'Connection reset by peer'

I’m working to create a terminating gateway to use Consul with a deployed Nomad job. While the proxies show as connected in the Consul UI, whenever I try to connect to the service via the gateway, I get the error ‘Connection reset by peer’.

The steps I’m following to create the terminating gateway are at:
Register External Services with Consul Service Discovery | Consul | HashiCorp Developer

Any ideas on how to troubleshoot this error are appreciated.

Regards,
Rajesh

Hi @rajesh1,

Are ACLs enabled in your cluster? If so, you will need to update the terminating gateway’s token to provide it with service:write access for all services that are associated with it. For example:

service "my_new_service" {
  policy = "write"
}

This requirement is documented here: https://developer.hashicorp.com/consul/docs/connect/gateways/terminating-gateway#terminating-gateway-configuration

If ACLs are enabled, terminating gateways must be registered with a token granting node:read on the nodes of all services in its configuration entry. The token must also grant service:write for the terminating gateway’s service name and the names of all services in the terminating gateway’s configuration entry. These privileges will authorize the gateway to terminate mTLS connections on behalf of the linked services and then route the traffic to its final destination.

You will also need to create intentions allowing access from the source services to the destination service names that are routing through the gateway.
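
The three pieces described in the reply above, put side by side as an added example (not part of the original thread and not taken from the poster's cluster). The gateway name `my-terminating-gateway`, the node name `external-node`, the policy name `terminating-gateway` and the source service `web` are assumed names; only `my_new_service` comes from the reply. Each section is a separate file.

```hcl
# --- gateway-policy.hcl: ACL rules for the token the gateway registers with ---
# Load with: consul acl policy create -name terminating-gateway -rules @gateway-policy.hcl
# "my-terminating-gateway" and "external-node" are assumed names.
service "my-terminating-gateway" {
  policy = "write" # the gateway's own service name
}

service "my_new_service" {
  policy = "write" # repeat for every service listed in the config entry below
}

node "external-node" {
  policy = "read" # node that the linked external service is registered on
}

# --- gateway-config.hcl: terminating-gateway configuration entry ---
# Load with: consul config write gateway-config.hcl
# Every Name under Services needs a matching service "..." write rule above.
Kind = "terminating-gateway"
Name = "my-terminating-gateway"
Services = [
  {
    Name = "my_new_service"
  }
]

# --- intention.hcl: allow the source service to reach the destination ---
# Load with: consul config write intention.hcl
# "web" is an assumed source service name.
Kind = "service-intentions"
Name = "my_new_service"
Sources = [
  {
    Name   = "web"
    Action = "allow"
  }
]
```

When the reset persists, compare the `Services` list in the gateway's configuration entry against the `service` rules in the policy attached to its token; a linked service without a matching write rule is the mismatch the reply describes.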