Vault UI port change


I have been trying to find an answer to this but have been unsuccessful so im trying here, i apologise if this has already been discussed.

Project im working on is planning on setting up Vault as secret storage to replace previous unsecure methods, Vault would most likely be used mainly through UI.

The default port for Vault is 8200 and the UI is accessed from My question is that is there a way to make Vault bind to port 443? I quickly tried to make iptables redirect from 443 to 8200 but this was unsuccessful (i did not have a chance to debug this properly)

Is it by design that that Vault should be accessed from port 8200 and i should just leave it as it is (which in the end is not an issue) or is there a way to use standard HTTPS port with Vault?


Normally you don’t change Vault’s port but use a Load Balancer in front of your cluster. There you can bind to 443 (default https) and then route back to 8200 on the vault nodes, as this supports HA – which if you’re putting Vault into a production environment you should have at least 3 nodes.

To change it at the Vault node is easy as well.

Thank you for the reply, the load balancer method did cross my mind, i assume i can use HTTP between the load balancer and Vault if TSL is terminated at load balancer level?

You can but shouldn’t.

LB should be a SSL pass-thru, otherwise when you go to your logs and audit devices no useful information about the client would be available.

1 Like