How to fix "vault connection failed due to proxy issue" in spring-boot vault integration?

I want to connect to Vault using a proxy. In my case, I only require a proxy for the Vault connection. How can we specify that?

I tried the configuration below:

spring:
  application:
    name: qualifier-service
  profiles:
    active: ${spring_profiles_active}
  cloud:
    vault:
      enabled: true
      uri: ${vault_uri}
      port: 443
      scheme: https
      proxy:
        https:
          host: proxyHost
          port: 123
      namespace: ${vault_namespace}
      authentication: TOKEN
      token: ${spring_cloud_config_token}

      generic:
        enabled: true
        backend: kv
        kvVersion: 2
        profile-separator: '/'
        default-context: qualifier-service
        application-name: qualifier-service

I am getting the below error:

Vault location [kv/qualifier-service] not resolvable: Cannot login using org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://vault.url:443/v1/auth/aws/login": Connect to vault.url:443   failed: connect timed out; 

How can we pass a proxy specifically for Vault? My service also connects to a cloud config server and other external services, but they don't require a proxy.

Any help on this is deeply appreciated.



Solution 1:[1]

From the documentation:

You can configure the RestTemplate: https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/config-data.html#vault.configdata.customization

import org.apache.http.HttpHost;
import org.apache.http.impl.client.HttpClients;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.vault.config.AbstractVaultConfiguration.ClientFactoryWrapper;

@SpringBootApplication
public class VaultTestApplication {

    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(VaultTestApplication.class);
        // Register a custom request factory at bootstrap so the Vault client uses it.
        application.addBootstrapRegistryInitializer(registry -> registry.register(
                        ClientFactoryWrapper.class,
                        ctx -> new ClientFactoryWrapper(
                                new HttpComponentsClientHttpRequestFactory(
                                        HttpClients.custom()
                                                // Proxy applies to this HTTP client only.
                                                .setProxy(HttpHost.create("localhost:8080"))
                                                .build()
                                )
                        )
                )
        );
        application.run(args);
    }
}

Alternatively:

If passing all traffic through the proxy is fine, setting the Java properties

-Dhttp.proxyHost=...
-Dhttp.proxyPort=...
-Dhttps.proxyHost=...
-Dhttps.proxyPort=...

will work if you have httpcomponents in your project (Vault will pick it up) e.g.

<dependency>
  <groupId>org.apache.httpcomponents</groupId>
  <artifactId>httpclient</artifactId>
</dependency>
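
Added example, not part of the original answer or of the Spring Cloud Vault documentation: the same bootstrap hook with the proxy address read from the environment, validated before startup, and with bounded timeouts so a misconfigured proxy fails fast instead of hanging the Vault login. It assumes Apache HttpClient 4.x as in the answer; the environment variable names `VAULT_PROXY_HOST` and `VAULT_PROXY_PORT`, the class name and the timeout values are hypothetical.

```java
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.vault.config.AbstractVaultConfiguration.ClientFactoryWrapper;

@SpringBootApplication
public class VaultProxyApplication {

    // Hypothetical variable names; use whatever your deployment provides.
    static final String PROXY_HOST_ENV = "VAULT_PROXY_HOST";
    static final String PROXY_PORT_ENV = "VAULT_PROXY_PORT";

    /** Builds the HTTP client handed to the Vault client only; nothing else shares it. */
    static CloseableHttpClient vaultHttpClient(String host, String port) {
        if (host == null || host.trim().isEmpty() || port == null) {
            throw new IllegalStateException("Set " + PROXY_HOST_ENV + " and " + PROXY_PORT_ENV);
        }
        int proxyPort = Integer.parseInt(port.trim());
        if (proxyPort < 1 || proxyPort > 65535) {
            throw new IllegalStateException("Invalid proxy port: " + proxyPort);
        }
        // Bounded timeouts (assumed values) so a wrong proxy fails quickly at startup.
        RequestConfig timeouts = RequestConfig.custom()
                .setConnectTimeout(5_000)   // ms to establish the connection
                .setSocketTimeout(15_000)   // ms to wait for response data
                .build();
        return HttpClients.custom()
                .setProxy(new HttpHost(host.trim(), proxyPort, "http"))
                .setDefaultRequestConfig(timeouts)
                .build();
    }

    public static void main(String[] args) {
        CloseableHttpClient client = vaultHttpClient(
                System.getenv(PROXY_HOST_ENV), System.getenv(PROXY_PORT_ENV));
        SpringApplication application = new SpringApplication(VaultProxyApplication.class);
        // Same bootstrap registration as in the answer above.
        application.addBootstrapRegistryInitializer(registry -> registry.register(
                ClientFactoryWrapper.class,
                ctx -> new ClientFactoryWrapper(
                        new HttpComponentsClientHttpRequestFactory(client))));
        application.run(args);
    }
}
```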

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 revau.lt