Hi Team,
We have configured Vault and are able to use the Vault UI by connecting directly to the server using the URL: http://vaultserver.test.com:9009
However, if we use our existing nginx as a reverse proxy for Vault, the UI doesn't work and shows Vault as sealed (Vault is already unsealed through the direct server URL).
Configuration details:
Reverse Proxy URL:
https://orgniz.test.com/ui/vault
Nginx.conf
upstream backendvault {
    server vaultserver.test.com:9009;
}
location ~* (./ui)/(.){
    access_log /var/log/nginx/vault/access.log timed_combined;
    error_log /var/log/nginx/vault/error.log error;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Accept-Encoding "";
    proxy_pass http://backendvault;
    # proxy_redirect /ui/vault/ /ui/;
}
vault-config.hcl file:
ui = true
listener "tcp" {
    address = "0.0.0.0:9009"
    proxy_protocol_behavior = "use_always"
    tls_disable = "true"
}
storage "postgresql" {
    connection_url = "postgres://vault:vault@dbserver.test.com:XXXX/vault?sslmode=disable"
    path = "vault/"
}
disable_mlock = true
api_addr = "http://vaultserver.test.com:9009/v1"
log_level = "debug"
Any recommendations will help.
Thank you,
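
A check that separates a proxy routing problem from a real seal-state problem, added here as an example and not part of the original post: it compares the answer of Vault's `sys/seal-status` API endpoint fetched directly and through nginx. Requesting the API at `/v1/` on the proxy origin `https://orgniz.test.com` is an assumption, and the sample responses are constructed.

```python
import json
import urllib.error
import urllib.request

SEAL_STATUS_PATH = "/v1/sys/seal-status"  # Vault's unauthenticated seal-status endpoint


def fetch(base_url):
    """GET seal-status from base_url; returns (status, content_type, body)."""
    url = base_url.rstrip("/") + SEAL_STATUS_PATH
    try:
        with urllib.request.urlopen(url, timeout=5) as r:
            return r.status, r.headers.get("Content-Type", ""), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Content-Type", ""), e.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return 0, "", ""  # connection refused, DNS failure, TLS error


def classify(status, content_type, body):
    """Return 'sealed', 'unsealed' or 'not-vault' for one seal-status response."""
    if status != 200 or "application/json" not in content_type.lower():
        return "not-vault"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-vault"
    if not isinstance(doc, dict) or not isinstance(doc.get("sealed"), bool):
        return "not-vault"
    return "sealed" if doc["sealed"] else "unsealed"


def diagnose(direct, proxied):
    """Compare the direct and proxied responses and name the likely fault domain."""
    d, p = classify(*direct), classify(*proxied)
    if d == "not-vault":
        return "direct-broken"         # fix the Vault listener before the proxy
    if p == "not-vault":
        return "proxy-not-forwarding"  # nginx answered itself or routed elsewhere
    return "consistent" if d == p else "mismatch"


# Constructed sample responses (not captured from the poster's servers).
DIRECT_SAMPLE = (200, "application/json", '{"initialized": true, "sealed": false}')
PROXIED_SAMPLE = (404, "text/html", "<html><body>404 Not Found</body></html>")

if __name__ == "__main__":
    # Live use: diagnose(fetch("http://vaultserver.test.com:9009"), fetch("https://orgniz.test.com"))
    print(diagnose(DIRECT_SAMPLE, PROXIED_SAMPLE))
```

A result of `proxy-not-forwarding` points at the nginx `location` and header settings rather than at Vault's seal state.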