Vault fails to unseal with Ngnix as reverse proxy

Hi Team,

We have configured vault , and able to use vault UI directly connecting to server using URL:

However, if we use existing nginx as reverse proxy for vault, UI doesn’t work and shows as sealed (vault is already unseal through direct server url).

Configuration details:

everse Proxy URL:


upstream backendvault {

location ~* (./ui)/(.){
access_log /var/log/nginx/vault/access.log timed_combined;
error_log /var/log/nginx/vault/error.log error;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Accept-Encoding “”;
proxy_pass http://backendvault;
# proxy_redirect /ui/vault/ /ui/;

vault-config.hcl file:

ui = true
listener “tcp” {
address = “”
proxy_protocol_behavior = “use_always”
tls_disable = “true”
storage “postgresql” {
connection_url = “postgres://”
path = “vault/”
disable_mlock = true
api_addr = “
log_level = “debug”

Any recommendations will help.

Thank you,

Nginx is a standard HTTP proxy, not a SOCKS proxy. When you put proxy_protocol_behavior=always Vault switches to SOCKS proxy mode.

Just remove proxy_protocol_behavior from your configuration file.

Sure I will remove that parameter.

HI Team ,

Any recommendation is appreciated, still I have the same issue

Thank you