I have successfully configured Vault and Consul via TLS. However, I couldn’t find a way to redirect or disable both from being reached over IPv4 insecurely without using nginx or a similar tool.
Is there a way to accomplish this task without nginx or a similar tool in front of them?
You configure both with the listener blocks, and by default TLS is enabled and will complain about missing certs. If you don’t have any listener blocks without tls_disabled = true then no insecure connections can get in.
Thank you for the reply, Aram.
Unfortunately, I can’t agree with "If you don’t have any listener blocks without tls_disabled = true then no insecure connections can get in."
Here is part of the Consul and Vault configuration.
I’m not referring to the communication between Vault and Consul.
So when I try to reach Vault or Consul via the IPv4 address in the browser instead of using the FQDN, they are loaded insecurely. For this reason I asked if there is a way to prevent that without using additional tools.
However, again, how do you know that it is an insecure connection? Are you using a browser and the icon is blocked out? Are you using curl and you can use http?
Just the browser is noticing that the connection to that domain is insecure, but this is a normal thing when trying to reach a particular URL via the IP address, because it is not covered by the certificate, which I want to prevent, if possible without using additional tools.
For example, if you have nginx in front of Vault and you try to reach its IP address, nginx will not load it and will return a generic error based on the configuration.
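The browser warning discussed in this thread comes from the certificate not covering the IP address. The following is an added example, not code from any participant or from Vault or Consul, that checks whether a hostname or IP literal is covered by a certificate's subjectAltName entries. The certificate dictionaries, hostnames and addresses are constructed placeholders, and the diagnosis text assumes the listener is serving TLS.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# names and addresses are placeholders, not taken from the thread.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "vault.example.internal"),
        ("DNS", "*.consul.example.internal"),
    ),
}
SAMPLE_CERT_WITH_IP = {
    "subjectAltName": SAMPLE_CERT["subjectAltName"] + (("IP Address", "10.0.0.5"),),
}


def _dns_match(pattern, host):
    """RFC 6125 style match: a wildcard covers exactly one leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered_by_cert(cert, target):
    """Return True if target (hostname or IP literal) appears in the cert SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals only match iPAddress SAN entries, never DNS entries.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, target) for kind, val in sans)


def diagnose(cert, target):
    """Explain what a TLS client concludes (assumes the listener serves TLS)."""
    if covered_by_cert(cert, target):
        return "ok: name verified"
    return "warning: encrypted, but certificate does not cover " + target
```

To run the same check against a live listener, pass the dictionary returned by `getpeercert()` on a verified `ssl` connection in place of the constructed samples.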