nginxconsulvault

nginx server location mapping conflict


I'm trying to run vault and consul, i'm using nginx :

location /app {
    deny all;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://vault-consul:8500;
  }
location / {
    deny all;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://vault-app:8200;
  }

the problem is when I restart nginx ; and hit https://domai-name.com/app it redirect me to https://domai-name.com/ui whichis the user interface for vault-app and not vault-consul, could you help please ?


Solution

  • It is possible to host Consul and Vault behind a single /ui/<app> path and selectively proxy traffic to the correct application based on the HTTP Referer header. This solution was originally shared by GitHub user radioipcloud in https://github.com/hashicorp/consul/issues/11627.


    An operator may desire to place the Vault and Consul UIs under the same hostname behind an nginx proxy and make them accessible at a URL path such as <hostname>/ui/<consul/vault>/.

    Solution

    location /ui {
        if ($http_referer ~ (/ui/vault)) { 
                proxy_pass http://127.0.0.1:8200;
        }
        if ($http_referer ~ (/ui/consul)) {
            proxy_pass http://127.0.0.1:8500;
        }
    }
    
    location /v1 {
            if ($http_referer ~ (/ui/vault)) {
                proxy_pass http://127.0.0.1:8200;
            }
            if ($http_referer ~ (/ui/consul)) {
                proxy_pass http://127.0.0.1:8500;
            }
    }
    
    location /ui/vault/ {
        proxy_pass http://127.0.0.1:8200/ui/;
    }
    
    location /ui/consul {
            proxy_pass http://127.0.0.1:8500;
    }
    

    Make sure to set -ui-content-path=/ui/consul/ when starting consul.