Vault Error, Server gave HTTP response to HTTPS client
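I am using HashiCorp Vault as a secret store and installed it via the apt repository on Ubuntu 20.04.
After that, I added the root key to access the UI, and I am able to add or delete secrets using the UI.
Whenever I try to add or get a secret using the command line, I get the following error: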
jarvis@saki:~$ vault kv get secret/vault
Get "https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/vault": http: server gave HTTP response to HTTPS client
My Vault configuration looks like this:
# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
ui = true
#mlock = true
#disable_mlock = true
storage "file" {
  path = "/opt/vault/data"
}
#storage "consul" {
#  address = "127.0.0.1:8500"
#  path = "vault"
#}
# HTTP listener
#listener "tcp" {
#  address = "127.0.0.1:8200"
#  tls_disable = 1
#}
# HTTPS listener
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file = "/opt/vault/tls/tls.key"
}
# Example AWS KMS auto unseal
#seal "awskms" {
#  region = "us-east-1"
#  kms_key_id = "REPLACE-ME"
#}
# Example HSM auto unseal
#seal "pkcs11" {
#  lib = "/usr/vault/lib/libCryptoki2_64.so"
#  slot = "0"
#  pin = "AAAA-BBBB-CCCC-DDDD"
#  key_label = "vault-hsm-key"
#  hmac_key_label = "vault-hsm-hmac-key"
#}
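I solved the problem. Although this exception may be common to several similar problems, I solved it by exporting the root token generated after running this command: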
vault server -dev
The output looks like this:
...
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: 1+yv+v5mz+aSCK67X6slL3ECxb4UDL8ujWZU/ONBpn0=
Root Token: s.XmpNPoi9sRhYtdKHaQhkHP6x
Development mode should NOT be used in production installations!
...
Run these commands, and that should do it:
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN="s.XmpNPoi9sRhYtdKHaQhkHP6x"
Note: replace "s.XmpNPoi9sRhYtdKHaQhkHP6x" with the token you got from the output of the command above.
Then run the following command to check the status:
vault status
Again, the error message may be similar for many different problems.
In PowerShell on Windows 10, I was able to set it like this:
$Env:VAULT_ADDR='http://127.0.0.1:8200'
Then
vault status
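returns correctly. This is on Vault 1.7.3 in dev mode.
You can echo VAULT_ADDR by typing it on the command line and pressing Enter - the same as the setting line above, but omitting the = sign and everything after it: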
$Env:VAULT_ADDR
Output:
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.7.3
Storage Type    inmem
Cluster Name    vault-cluster-80649ba2
Cluster ID      2a35e304-0836-2896-e927-66722e7ca488
HA Enabled      false
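A diagnostic for the scheme mismatch discussed on this page, as an added example that is not part of the original question or answers: it reads the first active listener "tcp" block from a Vault config and checks whether the scheme in VAULT_ADDR matches it. The function names and the sample config files are constructed for illustration; the https://127.0.0.1:8200 fallback is the Vault CLI's default address.

```bash
#!/usr/bin/env bash
# Added example: does the VAULT_ADDR scheme match the listener in a Vault config?

# Print "http" or "https" for the first uncommented listener "tcp" block.
# Assumes the block contains no nested blocks before tls_disable.
listener_scheme() {
  awk '
    /^[ \t]*(#|\/\/)/ { next }                          # skip comment lines
    /^[ \t]*listener[ \t]+"tcp"/ { inside = 1; found = 1 }
    inside && /tls_disable[ \t]*=[ \t]*"?(1|true)"?/ { plain = 1 }
    inside && /[}]/ { exit }                            # end of that listener block
    END {
      if (!found) { print "none"; exit 1 }
      print (plain ? "http" : "https")
    }
  ' "$1"
}

# Scheme the CLI will use; with VAULT_ADDR unset it defaults to https://127.0.0.1:8200.
addr_scheme() {
  local addr="${1:-https://127.0.0.1:8200}"
  echo "${addr%%://*}"
}

# usage: check_vault_addr <config.hcl> [VAULT_ADDR]; returns 0 on match, 1 on mismatch.
check_vault_addr() {
  local server client
  server="$(listener_scheme "$1")" || { echo "no active tcp listener in $1"; return 2; }
  client="$(addr_scheme "${2:-}")"
  if [ "$server" = "$client" ]; then
    echo "ok: listener and VAULT_ADDR both use $server"
  else
    echo "mismatch: listener serves $server, VAULT_ADDR uses $client"
    return 1
  fi
}

# Constructed sample configs modelled on the two listener variants in the question.
SAMPLE_DIR="$(mktemp -d)"
printf '%s\n' '#listener "tcp" {' '# tls_disable = 1' '#}' 'listener "tcp" {' \
  '  address = "0.0.0.0:8200"' '  tls_cert_file = "/opt/vault/tls/tls.crt"' \
  '  tls_key_file = "/opt/vault/tls/tls.key"' '}' > "$SAMPLE_DIR/tls.hcl"
printf '%s\n' 'listener "tcp" {' '  address = "127.0.0.1:8200"' \
  '  tls_disable = 1' '}' > "$SAMPLE_DIR/plain.hcl"

check_vault_addr "$SAMPLE_DIR/tls.hcl" "http://127.0.0.1:8200" || true
check_vault_addr "$SAMPLE_DIR/plain.hcl" "http://127.0.0.1:8200"
check_vault_addr "$SAMPLE_DIR/plain.hcl" || true   # VAULT_ADDR unset: the error in the question
```

The check reads only the config file, so it reports what a server started from that file would serve, not which Vault process is actually listening on the port (a `vault server -dev` instance serves plain HTTP regardless of the file).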