I'm trying to run vault and consul, i'm using nginx :
location /app {
deny all;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vault-consul:8500;
}
location / {
deny all;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vault-app:8200;
}
the problem is when I restart nginx ;
and hit https://domai-name.com/app it redirect me to https://domai-name.com/ui whichis the user interface for vault-app and not vault-consul, could you help please ?
It is possible to host Consul and Vault behind a single /ui/<app> path and selectively proxy traffic to the correct application based on the HTTP Referer header. This solution was originally shared by GitHub user radioipcloud in https://github.com/hashicorp/consul/issues/11627.
An operator may desire to place the Vault and Consul UIs under the same hostname behind an nginx proxy and make them accessible at a URL path such as <hostname>/ui/<consul/vault>/.
location /ui {
if ($http_referer ~ (/ui/vault)) {
proxy_pass http://127.0.0.1:8200;
}
if ($http_referer ~ (/ui/consul)) {
proxy_pass http://127.0.0.1:8500;
}
}
location /v1 {
if ($http_referer ~ (/ui/vault)) {
proxy_pass http://127.0.0.1:8200;
}
if ($http_referer ~ (/ui/consul)) {
proxy_pass http://127.0.0.1:8500;
}
}
location /ui/vault/ {
proxy_pass http://127.0.0.1:8200/ui/;
}
location /ui/consul {
proxy_pass http://127.0.0.1:8500;
}
Make sure to set -ui-content-path=/ui/consul/ when starting consul.