Vault UI port change

Hi,

I have been trying to find an answer to this but have been unsuccessful, so I'm trying here. I apologise if this has already been discussed.

The project I'm working on is planning on setting up Vault as secret storage to replace previous insecure methods. Vault would most likely be used mainly through the UI.

The default port for Vault is 8200 and the UI is accessed from https://example.com:8200/ui. My question is: is there a way to make Vault bind to port 443? I quickly tried to make iptables redirect from 443 to 8200 but this was unsuccessful (I did not have a chance to debug this properly).

Is it by design that Vault should be accessed from port 8200 and I should just leave it as it is (which in the end is not an issue), or is there a way to use the standard HTTPS port with Vault?

Thanks

Normally you don’t change Vault’s port but use a Load Balancer in front of your cluster. There you can bind to 443 (default https) and then route back to 8200 on the Vault nodes, as this supports HA – which if you’re putting Vault into a production environment you should have at least 3 nodes.

To change it at the Vault node is easy as well.

Thank you for the reply, the load balancer method did cross my mind. I assume I can use HTTP between the load balancer and Vault if TLS is terminated at load balancer level?

You can but shouldn’t.

The LB should be an SSL pass-thru, otherwise when you go to your logs and audit devices no useful information about the client would be available.

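The load balancer layout described in this thread, as an added example that was not posted by any participant: an HAProxy configuration that listens on 443 and passes TLS through unterminated to three Vault nodes on 8200. HAProxy is one possible load balancer; the node names, IP addresses and CA file path are placeholders.

```haproxy
# Added example: TLS pass-through from :443 to Vault nodes on :8200.
# Node names, addresses and the CA path below are placeholders.
global
    log /dev/log local0

defaults
    mode    tcp                  # layer 4 only: TLS is NOT terminated here
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1h
    timeout server  1h

frontend vault_https
    bind *:443                   # standard HTTPS port, exposed to users
    default_backend vault_nodes

backend vault_nodes
    # The health check is the only place HAProxy speaks TLS itself.
    # By default /v1/sys/health answers 200 on the active, unsealed node,
    # 429 on a standby and 503 on a sealed node, so only the active node
    # receives traffic.
    option httpchk GET /v1/sys/health
    http-check expect status 200

    # check-ssl: run the health check over TLS
    # verify required + ca-file: validate the node certificate chain
    server vault1 10.0.0.11:8200 check check-ssl verify required ca-file /etc/haproxy/vault-ca.pem
    server vault2 10.0.0.12:8200 check check-ssl verify required ca-file /etc/haproxy/vault-ca.pem
    server vault3 10.0.0.13:8200 check check-ssl verify required ca-file /etc/haproxy/vault-ca.pem
```

Because the TLS session ends on Vault itself, the certificate on each node must be valid for the hostname users type in the browser, and Vault's listener stays on 8200 with TLS enabled.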