Vault Docker Image - Cant get REST Response

Question

I am deploying vault docker image on Ubuntu 16.04, I am successful initializing it from inside the image itself, but I cant get any Rest Responses, and even curl does not work.

I am doing the following:

Create config file local.json :

{
        "listener": [{
                "tcp": {
                        "address": "127.0.0.1:8200",
                        "tls_disable" : 1
                }
        }],
        "storage" :{
                "file" : {
                        "path" : "/vault/data"
                }
        }
        "max_lease_ttl": "10h",
        "default_lease_ttl": "10h",
}

under /vault/config directory

running the command to start the image

docker run -d -p 8200:8200 -v /home/vault:/vault --cap-add=IPC_LOCK vault server

entering bash terminal of the image :

docker exec -it containerId /bin/sh

Running inside the following command

export VAULT_ADDR='http://127.0.0.1:8200' and than vault init

It works fine, but when I am trying to send rest to check if vault initialized: Get request to the following url : http://Ip-of-the-docker-host:8200/v1/sys/init

Getting No Response.

even curl command fails:

curl http://127.0.0.1:8200/v1/sys/init
curl: (56) Recv failure: Connection reset by peer

Didnt find anywhere online with a proper explanation what is the problem, or if I am doing something wrong.

Any Ideas?

Answer 1

If a server running in a Docker container binds to 127.0.0.1, it's unreachable from anything outside that specific container (and since containers usually only run a single process, that means it's unreachable by anyone). Change the listener address to 0.0.0.0:8200; if you need to restrict access to the Vault server, bind it to a specific host address in the docker run -p option.