Curl into Vault server running in server mode fails when running via Vault Docker image

Question

I've been running the vault server mode with the official example provided in the Docker vault documentation. Though the server started successfully I cannot interact with the Vault server via its HTTP Rest API. Find my docker run command attached below.

docker run -e 'SKIP_SETCAP=1' -e 'VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "listener": { "tcp": { "address": "0.0.0.0:8200", "tls_disable": 1 } }, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "disable_mlock": "true"}' vault server

When I try to curl into the vault server to validate the vault server initialization it throws a Connection refused error.

ravindu@ravindu-Aspire-F5-573G:~$ curl http://127.0.0.1:8201/v1/sys/init
curl: (7) Failed to connect to 127.0.0.1 port 8201: Connection refused

Given below is the message displayed when docker vault docker container is up and running,

==> Vault server configuration:

                     Cgo: disabled
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: false
                 Storage: file
                 Version: Vault v0.8.3
             Version Sha: 6b29fb2b7f70ed538ee2b3c057335d706b6d4e36

==> Vault server started! Log data will stream in below:

Given below is my local.json within my vault container,

{"backend": {"file": {"path": "/vault/file"}}, "listener": { "tcp": { "address": "0.0.0.0:8200", "tls_disable": 1 } }, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "disable_mlock": "true"}

Answer 1

The reason that you can't curl is because you haven't exposed the ports. You need to add -p 8200:8200 to your run command, and use the port 8200 to connect.