How to Dockerize your HashiCorp Vault setup with an nginx reverse proxy
Oct 31, 2020
If you have Dockerized HashiCorp Vault, you might need to access it over the internet or from outside your internal network. The most common approach is to run your Vault setup behind a reverse proxy. Then of course you have to configure an HTTPS connection.

I will not go into details on the setup. I assume you are familiar with docker/docker-compose.
Vault docker-compose file
version: '2'
services:
  myvault:
    image: vault
    container_name: myvault
    ports:
      - "8200:8200"
    volumes:
      - ./file:/vault/file:rw
      - ./config:/vault/config:rw
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/vault.json
    networks:
      - your-docker-network
# Networks to be created to facilitate communication between containers
networks:
  your-docker-network:
    external:
      name: your-docker-network-name
Here is my vault.json file
{
  "ui": true,
  "max_lease_ttl": "2160h",
  "default_lease_ttl": "2160h",
  "backend": [
    {
      "file": {
        "path": "/vault/file"
      }
    }
  ],
  "listener": [
    {
      "tcp": {
        "address": "0.0.0.0:8200",
        "tls_disable": "true",
        "proxy_protocol_behavior": "use_always"
      }
    }
  ],
  "disable_mlock": true,
  "api_addr": "http://localhost:8200",
  "disable_clustering": true
}
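Added example (not part of the original post): a small Python check over the vault.json above that flags the listener settings that matter when nginx is meant to be the only way in to Vault. The finding names, the published_ports parameter and the hardened variant with its 172.18.0.0/16 subnet are assumptions made for illustration.

```python
import json

# Constructed sample: listener stanza copied from the vault.json on this page.
PAGE_CONFIG = """{"listener": [{"tcp": {"address": "0.0.0.0:8200",
  "tls_disable": "true", "proxy_protocol_behavior": "use_always"}}]}"""

# Constructed hardened variant; 172.18.0.0/16 is a placeholder for the subnet
# of the Docker network that nginx sits on.
HARDENED_CONFIG = """{"listener": [{"tcp": {"address": "0.0.0.0:8200",
  "tls_disable": "true", "proxy_protocol_behavior": "deny_unauthorized",
  "proxy_protocol_authorized_addrs": "172.18.0.0/16"}}]}"""


def _is_true(value):
    # The page writes tls_disable as the string "true"; accept booleans too.
    return str(value).strip().lower() in ("true", "1")


def audit_listeners(config_text, published_ports=()):
    """Return sorted finding codes for the tcp listeners of a JSON Vault config.

    published_ports holds the container ports that the compose file maps to
    the host, for example (8200,) for the "8200:8200" entry.
    """
    findings = set()
    listeners = json.loads(config_text).get("listener", [])
    if isinstance(listeners, dict):  # a single stanza may be a bare object
        listeners = [listeners]
    for stanza in listeners:
        tcp = stanza.get("tcp", {})
        port = int(tcp.get("address", "127.0.0.1:8200").rpartition(":")[2])
        # Plain HTTP is fine on the private Docker network, but a published
        # port lets clients talk to Vault without passing through nginx.
        if _is_true(tcp.get("tls_disable", False)) and port in published_ports:
            findings.add("plaintext-listener-published")
        behavior = tcp.get("proxy_protocol_behavior")
        allowlist = tcp.get("proxy_protocol_authorized_addrs")
        # use_always trusts the PROXY header from whoever connects.
        if behavior == "use_always":
            findings.add("proxy-header-trusted-from-any-peer")
        elif behavior in ("allow_authorized", "deny_unauthorized") and not allowlist:
            findings.add("proxy-allowlist-missing")
    return sorted(findings)


if __name__ == "__main__":
    print(audit_listeners(PAGE_CONFIG, published_ports=(8200,)))
    print(audit_listeners(HARDENED_CONFIG))
```

Removing the ports mapping from the Vault service clears the first finding: containers on the same Docker network reach each other by container name without any published port.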
Here is my nginx docker-compose file
version: '3'
services:
  nginx:
    image: nginx
    container_name: nginx
    restart: on-failure
    volumes:
      - ./conf:/etc/nginx/conf.d
      - /usr/local/certs:/etc/nginx/certs
    ports:
      - "80:80"
      - "443:443"
    networks:
      - your-docker-network
# Networks to be created to facilitate communication between containers
networks:
  your-docker-network:
    external:
      name: your-docker-network-name
nginx.conf file (I placed it in the current_path/conf directory)
upstream vault_backend {…