Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP re


Rick OS

Mar 18, 2017, 9:51:39 AM
to Vault
Hi All,
I'm having some initial config issues getting Vault up and running on Ubuntu 16.04.
Vault is running and I've unsealed the Consul backend, but every time I run vault <insert function> I get the following error:

Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client

If I then use curl http://127.0.0.1:8200/v1/sys/seal-status (remove the https) I get
{"errors":["missing client token"]}

I've read lots of posts, but I'm not making any real progress, so thought I'd post it up here.

Config Info
I configured a 3 node Consul cluster which is running under a separate consul user. I've added the necessary permissions to allow this to start consul without sudo.
Vault is started and pointing at consul as the backend. Everything is initialized and unsealed 

==> Vault server configuration:

                 Backend: consul (HA available)
                     Cgo: disabled
         Cluster Address: https://XXX.XX.XXX.10:8201
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
        Redirect Address: http://XXX.XX.XXX.10:8200
                 Version: Vault v0.6.5
             Version Sha: 5d8d702f33b5fd965cbe8d6d0728295de813a196

==> Vault server configuration:
{
   "backend":{
      "consul":{
         "address":"XXX.XX.XXX.10:8500",
         "path":"vault",
         "scheme":"http",
         "tls_skip_verify" : 1
      }
   },
   "listener":{
      "tcp":{
         "address":"0.0.0.0:8200",
         "tls_disable":1
      }
   }
}

Randy Fay

Mar 18, 2017, 10:07:58 AM
to vault...@googlegroups.com
Well, that "tls_disable: 1"  in the "listener" stanza is disabling tls/https for you. You'll want to lose that.

You do have to authenticate for a number of tasks, seal-status is probably one. You get a root token when you unseal and you can do "vault auth" using that.

I recommend that you get started with vault using the vault tool rather than the API - it's identical almost everywhere (it just puts API requests together) but it's easier for the learning process.

-Randy


Rick OS

Mar 18, 2017, 6:08:54 PM
to Vault
Hi Randy,

Thanks for the reply. 
I've tried removing the tls_disable parameter, but I get the following when trying to start Vault now:

Error initializing listener of type tcp: 'tls_cert_file' must be set

Cheers  

Rick OS

Mar 18, 2017, 6:25:22 PM
to Vault
OK, made some progress, by using the export VAULT_ADDR='http://127.0.0.1:8200' while TLS is disabled.

Randy Fay

Mar 18, 2017, 6:25:44 PM
to vault...@googlegroups.com
Right, you'll need to provide a certificate and key. Every SSL webserver (which is what this is) requires a certificate to serve https.

-Randy
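
Added example, not part of the original thread and not Vault's own code: a small check that reproduces both errors discussed above from the listener stanza and the client address, and also flags a TLS-disabled listener bound to a non-loopback address. The function name `check_listener`, the finding labels and the certificate paths are assumptions made for illustration; it assumes a JSON config with a single `tcp` listener object, as in the first post.

```python
import json
from urllib.parse import urlparse

DEFAULT_VAULT_ADDR = "https://127.0.0.1:8200"  # what the CLI uses when VAULT_ADDR is unset

def _truthy(value):
    """Configs write this flag as 1, "1", true or "true"; treat them alike."""
    return str(value).strip().lower() in ("1", "true")

def check_listener(config_text, vault_addr=DEFAULT_VAULT_ADDR):
    """Return a list of findings for the tcp listener versus the client address."""
    tcp = json.loads(config_text).get("listener", {}).get("tcp", {})
    tls_off = _truthy(tcp.get("tls_disable", 0))
    scheme = urlparse(vault_addr).scheme
    host = tcp.get("address", "").rsplit(":", 1)[0]
    findings = []
    if tls_off and scheme == "https":
        # Produces "server gave HTTP response to HTTPS client"
        findings.append("scheme-mismatch: listener is plaintext, client uses https")
    if not tls_off and scheme == "http":
        findings.append("scheme-mismatch: listener expects TLS, client uses http")
    if not tls_off:
        # Produces "'tls_cert_file' must be set" at startup
        for key in ("tls_cert_file", "tls_key_file"):
            if not tcp.get(key):
                findings.append("missing-" + key)
    if tls_off and host not in ("127.0.0.1", "localhost", "[::1]"):
        findings.append("cleartext-exposed: tokens cross the network unencrypted on " + host)
    return findings

# Constructed sample: the listener stanza from the first post.
POSTED = '{"listener": {"tcp": {"address": "0.0.0.0:8200", "tls_disable": 1}}}'
# Constructed sample: TLS enabled; the certificate and key paths are placeholders.
WITH_TLS = json.dumps({"listener": {"tcp": {
    "address": "0.0.0.0:8200",
    "tls_cert_file": "/path/to/vault.crt",
    "tls_key_file": "/path/to/vault.key"}}})

if __name__ == "__main__":
    for name, cfg, addr in (("posted, default addr", POSTED, DEFAULT_VAULT_ADDR),
                            ("posted, http addr", POSTED, "http://127.0.0.1:8200"),
                            ("tls enabled", WITH_TLS, DEFAULT_VAULT_ADDR)):
        print(name, "->", check_listener(cfg, addr) or "ok")
```

Setting VAULT_ADDR to http clears the mismatch but leaves the cleartext finding, since the listener in the first post is bound to 0.0.0.0 with TLS off.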
