# My Vault UI is up and running on http but seems to be stuck. I want my clients to be able to access the Vault UI at https…
# Running this shows that everything is OK
sudo systemctl status vault.service
# I try to run this to apply the new domain and TLS settings
sudo vault server -config=/etc/vault.d/vault.hcl
# NOTE(review): the unit checked above is already running a Vault server, and the
# message below reports 0.0.0.0:8200 as taken, so this second process cannot bind
# the listener. Edited listener/TLS settings are picked up by restarting the
# existing service (sudo systemctl restart vault.service), not by launching another
# server. The manual command also runs Vault as root, whereas the unit file on this
# page runs it as the vault user; files a root-run server creates under the data
# path may end up unreadable to the service account.
# I get the error below
Error initializing listener of type tcp: listen tcp4 0.0.0.0:8200: bind: address already in use
vault.hcl
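# Vault server configuration: integrated (Raft) storage, one TCP listener with
# TLS enabled, and AWS KMS auto-unseal. Values made of "x" are redacted in the post.
# String delimiters are plain ASCII double quotes; HCL does not accept the
# typographic quotes that appeared in the pasted text.

disable_performance_standby = true
ui = true

storage "raft" {
  path = "/opt/vault/data/raft"
  node_id = "i-xxxxxxxxxxxxxxxxxx"

  # NOTE(review): every retry_join peer is addressed over plain http, while the
  # listener below enables TLS. Once the peers serve TLS these must be https://
  # URLs, and each stanza needs a way to verify the leader's certificate
  # (leader_ca_cert_file, plus leader_tls_servername when the certificate does
  # not cover the IP address). Left on http, traffic between nodes is unencrypted.
  retry_join {
    leader_api_addr = "http://172.xx.xx.xxx:8200"
  }
  retry_join {
    leader_api_addr = "http://172.xx.xx.xx:8200"
  }
  retry_join {
    leader_api_addr = "http://172.xx.xx.x:8200"
  }
  retry_join {
    leader_api_addr = "http://172.xx.xx.xxx:8200"
  }
  retry_join {
    leader_api_addr = "http://172.xx.x.xxx:8200"
  }
}

# NOTE(review): address advertised to other nodes for cluster traffic on port
# 8201. Vault's documentation writes this value with an https scheme - confirm.
cluster_addr = "http://172.31.5.110:8201"

# NOTE(review): api_addr is the URL this node advertises to clients and peers for
# redirection, so it has to be a reachable destination. 0.0.0.0 is a bind
# wildcard, not an address a client can connect to, and the scheme should be
# https once the listener serves TLS. Replace with this node's own URL, e.g.
# https://<this-node-address>:8200 (placeholder).
api_addr = "http://0.0.0.0:8200"

listener "tcp" {
  # NOTE(review): address is the local bind address. The bind error quoted in the
  # post mentions 0.0.0.0:8200, so confirm which value the running server uses.
  # A DNS name here is resolved at start-up and presumably only works when it maps
  # to an address on a local interface; the name clients connect to belongs in the
  # certificate, not necessarily in the bind address.
  address = "mydomain.com:8200"

  # NOTE(review): the certificate and private key sit inside the Raft data
  # directory (the same path as storage.path above). Keeping them in a separate
  # directory, readable only by the account Vault runs as, avoids the key
  # travelling with copies or backups of the data directory. The certificate must
  # cover the hostname clients use to reach the UI.
  tls_cert_file = "/opt/vault/data/raft/vault.crt"
  tls_key_file = "/opt/vault/data/raft/vault.key"

  # 0 leaves TLS enabled on this listener.
  tls_disable = 0
}

seal "awskms" {
  region = "us-east-1"
  # Closing quote added; the value was unterminated in the post (key id redacted).
  # The node's AWS credentials need kms:Encrypt, kms:Decrypt and kms:DescribeKey
  # on this key; anything else able to use the key can take part in unsealing, so
  # the key policy should be limited to the Vault nodes.
  kms_key_id = "xxxxx-xxxx-xxxx-xxxx"
}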
vault.service file
# systemd unit that runs the Vault server as a long-lived, unprivileged service.
[Unit]
# NOTE(review): the typographic quotes are literal characters of the description
# text; presumably they were plain ASCII quotes before the post was formatted.
Description=“HashiCorp Vault - A tool for managing secrets”
Documentation=https://www.vaultproject.io/docs/
# Start only once the network is reported as online.
Requires=network-online.target
After=network-online.target
# The unit is skipped when the configuration file is missing or empty.
ConditionFileNotEmpty=/etc/vault.d/vault.hcl
# Rate limit: at most 3 start attempts within 60 seconds.
StartLimitIntervalSec=60
StartLimitBurst=3
[Service]
# Vault runs as the vault account, so every file named in the configuration
# (storage path, TLS certificate and key) must be accessible to that account.
User=vault
Group=vault
# Sandboxing: ProtectSystem=full mounts /usr, /boot and /etc read-only for the
# service, ProtectHome=read-only does the same for home directories, and the
# service gets a private /tmp and a minimal private /dev.
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
# CAP_IPC_LOCK lets the non-root process lock memory (mlock) so that secrets are
# not written to swap; the bounding set drops every capability not listed here.
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
# The process and its children can never gain privileges (e.g. via setuid binaries).
NoNewPrivileges=yes
# While this unit is active, this server owns the listener address from vault.hcl;
# running the same command by hand starts a second server competing for that port.
ExecStart=/usr/bin/vault server -config=/etc/vault.d/vault.hcl
# NOTE(review): a reload sends SIGHUP. Vault is understood to re-read only part of
# its configuration on SIGHUP (for example TLS certificate files); a changed
# listener address needs a restart of the unit - confirm for the version in use.
ExecReload=/bin/kill --signal HUP $MAINPID
# On stop, only the main process is signalled, with SIGINT.
KillMode=process
KillSignal=SIGINT
# Restart after an unclean exit, waiting 5 seconds between attempts.
Restart=on-failure
RestartSec=5
# Time allowed for the stop to complete before systemd escalates.
TimeoutStopSec=30
# NOTE(review): these repeat the [Unit] rate limit under the name and section that
# older systemd releases used; newer releases read the [Unit] settings above.
StartLimitInterval=60
StartLimitBurst=3
# Redacted in the post; systemd needs a number (or "infinity") here.
LimitNOFILE=xxxxx
# No cap on locked memory, matching the CAP_IPC_LOCK grant above.
LimitMEMLOCK=infinity
[Install]
# Started at boot as part of the normal multi-user target once the unit is enabled.
WantedBy=multi-user.target