March 24, 2017
Running Tableau Server with SSL on a custom port
Need a secure reporting solution? Consider Tableau.
Tableau gained deserved popularity as a tool that provides simplicity and interactivity for reporting and analytics. However, CoreValue discovered a pitfall when developing such a solution through Tableau Server. Here is what we found.
Using HTML for front-end navigation and filters, we integrated multiple Tableau worksheets from the same instance using embedded views. The page was running on IIS, and was bound to the default HTTP port 80. It included Tableau, which was running on a custom HTTP port (ex. 8080).
Due to security concerns, it was essential to move all our connections to HTTPS. To run this page on the default HTTPS port 443 for our users to access, we redirected the unsecure HTTP port 80 to HTTPS port 443, so that everything would run only on a secure connection. This meant that Tableau had to run on a different port with SSL. This is where we ran into a problem.
According to Tableau’s own documentation, Tableau Server can only run on the default HTTPS port 443, which automatically implies different servers, domains, etc., and results in more complications and issues to resolve.
After thorough investigation and research through the Tableau community site, we found that Tableau itself does not provide a solution for the issue. We decided instead to investigate Tableau’s internal Apache Server. This yielded some significant results.
We found that C:\ProgramData\Tableau\Tableau Server\data\tabsvc\config\httpd.conf contains the precise configuration for the virtual host via the HTTPS connection. However, httpd.conf is updated whenever configuration is saved or tabadmin config runs, as shown here.
Analysis of the template file
(C:\Program Files\Tableau\Tableau Server\10.0\templates\httpd.conf.templ)
reveals that Tableau Server does not hard code the SSL port, because it contained lines of additional code, such as <VirtualHost *:<%=ssl.port %>>. This means that Tableau Server has an ssl.port variable set which can be changed.
When the template file was examined for all configurations located at C:\Program Files\Tableau\Tableau Server\10.0\templates\tabsvc.yml, we identified the line containing ssl.port: 443.
In order to confirm that this is a variable available for modification, we executed the following line of code:
C:\Program Files\Tableau\Tableau Server\10.0\bin>tabadmin get ssl.port
===== the value for key ‘ssl.port’ is: 443
This confirmed that there is indeed an existing variable in Tableau that we can program with a simple command. To change the ssl.port to 8088, simply execute the following command:
C:\Program Files\Tableau\Tableau Server\10.0\bin>tabadmin set ssl.port 8088
As a result of our success in finding this particular key variable, we applied standard methods to build wider functionality and better user experience. After rigorous testing, we successfully released our Tableau reporting and analytics solution with Tableau Server running on the custom SSL port. It is currently running smoothly in a production environment.
October 11, 2017 | Nikola Krastev
A microservices approach is not a silver bullet for all software architecture problems. It introduces tradeoffs and challenges of its own. However, process gains and improvements in human performance have been considered to be worth the overhead in technology. Here are some general arguments against using sophisticated SOA. Server performance and overhead in communication By […]
September 27, 2017
We are pleased to announce that CoreValue president Igor Kruglyak will participate in IT Arena 2017, to be held in Lviv, Ukraine, September 29 – October 1, 2017.