0

I am trying to run hashicorp vault server in a Docker container behind an Apache Forward Proxy (httpd v2.4; running in a container for testing purposes). Vault is set to use AWS KMS for Autounseal. However, vault gives the following error. No log information is being generated by the proxy.

vault_1  | Error parsing Seal configuration: error fetching AWS KMS wrapping key information: RequestError: send request failed
vault_1  | caused by: Post "https://kms.<region>.amazonaws.com/": proxyconnect tcp: dial tcp 172.28.0.2:9081: connect: connection refused
vault_1  | 2022-03-20T16:32:13.188Z [INFO]  proxy environment: http_proxy=http://proxy:9081 https_proxy=http://proxy:9081 no_proxy=".127.0.0.1,localhost,testproxy"

The Apache Proxy is configured as follow

Listen 9081
<VirtualHost *:9081>
  ServerName 0.0.0.0

  ProxyRequests On
  ProxyVia On
  SSLProxyEngine On
  ProxyPreserveHost On
  ProxyTimeout 300 

  <Proxy *>
    Order deny,allow
    Deny from all 
    Allow from all 
  </Proxy>

  AllowCONNECT "9081" 

</VirutalHost>

I have tried turning on and off various Apache modules. I've tried setting HTTPS_PROXY to https://proxy:9081. All this to no avail. What settings do I need to allow this proxy connection to go through?

Wanderer
  • 121
  • 6
  • Could you perhaps add a network diagram to your question? It's clear that KMS can't be contacted, the question is why. You could add a KMS endpoint to your VPC, but they cost a little bit of money. – Tim Mar 20 '22 at 19:29
  • In this test case I'm not using a VPC. So a VPC endpoint won't work here – Wanderer Mar 21 '22 at 12:57

0 Answers0