I’m attempting to set up HashiCorp Vault on a server for the first time. I’m simply trying to see the UI from somewhere besides the localhost. After reading the instructions on the Vault setup tutorial, I walk away thinking about how simple this is going to be.
However, I’ve yet to be able to actually see the UI outside of the localhost, and I’m not sure if the problem is in my config.hcl file for Vault, or if the problem lies somewhere in my Debian Linux configuration (or if anyone knows what the typical gotchas are that block Vault on a vanilla Debian installation, if that really is what’s happening).
I’ve tried a series of configurations shown below:
Config A (Is it a Mask?)
Configuration
ui = true
storage "inmem" {}
// TCP Listener
listener "tcp" {
address = "10.0.0.0:8200"
tls_disable = "true"
}
Response
- Connection refused on localhost
curl 127.0.0.1:8200/ui/
- Remote never resolves
http://10.175.18.49:8200/ui/
Config B (Can I open up ‘everything’?)
Configuration
ui = true
storage "inmem" {}
// TCP Listener
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = "true"
}
Response
- HTML populates on localhost!! (yay!)
curl 127.0.0.1:8200/ui/
- Remote never resolves
http://10.175.18.49:8200/ui/
Config C (Do I just hardcode the IP?)
Configuration
ui = true
storage "inmem" {}
// TCP Listener
// Assumes machine pings on 10.175.18.49
listener "tcp" {
address = "10.175.18.49:8200"
tls_disable = "true"
}
Response
- Connection refused on localhost
curl 127.0.0.1:8200/ui/
- Remote never resolves
http://10.175.18.49:8200/ui/
NOTE: I’m launching Vault into a container using this command:
docker run --cap-add=IPC_LOCK -p 8200:8200 -v /tmp/vault:/tmp/vault -d --name=dev-vault vault server -config /tmp/vault/config.hcl
NOTE: I’ve masked the IPs in this post.
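Added example, not part of the original post: a listener `address` has to be an address assigned inside the network namespace where Vault runs, and a listener bound to one specific address does not answer on 127.0.0.1. The Python below parses the `address` out of the three configs and reports which case applies when it is run in the same place as the server (for this post, inside the container); `SAMPLE_CONFIGS`, `listener_addresses`, `can_bind` and `classify` are hypothetical names, and only IPv4 `host:port` values are handled.

```python
import errno
import ipaddress
import re
import socket

# Constructed sample: configs A, B and C from the post, rebuilt as strings.
SAMPLE_CONFIGS = {
    name: f'ui = true\nstorage "inmem" {{}}\nlistener "tcp" {{\n  address = "{addr}"\n  tls_disable = "true"\n}}\n'
    for name, addr in [("A", "10.0.0.0:8200"), ("B", "0.0.0.0:8200"), ("C", "10.175.18.49:8200")]
}

# Matches the address value inside a listener "tcp" { ... } block.
LISTENER_ADDR = re.compile(r'listener\s+"tcp"\s*\{[^}]*?\baddress\s*=\s*"([^"]+)"')


def listener_addresses(hcl_text):
    """Return (host, port) for every tcp listener address in the config text."""
    result = []
    for value in LISTENER_ADDR.findall(hcl_text):
        host, _, port = value.rpartition(":")
        result.append((host, int(port)))
    return result


def can_bind(host):
    """True if host is assigned in this network namespace (tested on an ephemeral port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, 0))
            return True
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return False
            raise


def classify(host):
    """Describe what a listener bound to host would accept, as seen from here."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "wildcard: answers on every local address, 127.0.0.1 included"
    if not can_bind(host):
        return "not assigned here: the bind fails, so nothing accepts connections"
    return "single address: only connections to this address are accepted"


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        for host, port in listener_addresses(text):
            print(f"Config {name}: {host}:{port} -> {classify(host)}")
```
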