Redirect drop https

[ktf]

Hi, I have vault set up in HA mode using zookeeper. Whenever I hit a host which does not lead, I get redirected to a http:// url, rather than https:// and the vault client errors out saying redirection would remove security. Any idea of what is going wrong?

[ktf]

Actual message is:

Error reading secret/foobar: redirect would cause protocol downgrade

[jefferai]

You probably need to set the advertise_addr parameter on your Vault hosts. On each host this should be the URL that a standby should give to a client when redirecting them to that host. So in a non load-balanced scenario, this will generally be different -- A will set it to the URL for accessing Vault on A, B for accessing Vault on B, and so on. In a load-balanced scenario the address may be the same (the address of the load balancer).

[ktf]

Thanks, that worked.

Ciao,
Giulio
On 23 Feb 2016, at 14:15, Jeff Mitchell wrote:

You probably need to set the
advertise_addr
parameter on your Vault hosts. On each host this should be the URL
that a standby should give to a client when redirecting them to that
host. So in a non load-balanced scenario, this will generally be
different -- A will set it to the URL for accessing Vault on A, B for
accessing Vault on B, and so on. In a load-balanced scenario the
address may be the same (the address of the load balancer).

---

Reply to this email directly or view it on GitHub:
#1120 (comment)

[jefferai]

Great!