March 24, 2017
Running Tableau Server with SSL on a custom port
Need a secure reporting solution? Consider Tableau.
Tableau gained deserved popularity as a tool that provides simplicity and interactivity for reporting and analytics. However, CoreValue discovered a pitfall when developing such a solution through Tableau Server. Here is what we found.
Using HTML for front-end navigation and filters, we integrated multiple Tableau worksheets from the same instance using embedded views. The page was running on IIS, and was bound to the default HTTP port 80. It included Tableau, which was running on a custom HTTP port (ex. 8080).
Due to security concerns, it was essential to move all our connections to HTTPS. To run this page on the default HTTPS port 443 for our users to access, we redirected the unsecure HTTP port 80 to HTTPS port 443, so that everything would run only on a secure connection. This meant that Tableau had to run on a different port with SSL. This is where we ran into a problem.
According to Tableau’s own documentation, Tableau Server can only run on the default HTTPS port 443, which automatically implies different servers, domains, etc., and results in more complications and issues to resolve.
After thorough investigation and research through the Tableau community site, we found that Tableau itself does not provide a solution for the issue. We decided instead to investigate Tableau’s internal Apache Server. This yielded some significant results.
We found that C:\ProgramData\Tableau\Tableau Server\data\tabsvc\config\httpd.conf contains the precise configuration for the virtual host via the HTTPS connection. However, httpd.conf is updated whenever configuration is saved or tabadmin config runs, as shown here.
Analysis of the template file
(C:\Program Files\Tableau\Tableau Server\10.0\templates\httpd.conf.templ)
reveals that Tableau Server does not hard code the SSL port, because it contained lines of additional code, such as <VirtualHost *:<%=ssl.port %>>. This means that Tableau Server has an ssl.port variable set which can be changed.
When the template file was examined for all configurations located at C:\Program Files\Tableau\Tableau Server\10.0\templates\tabsvc.yml, we identified the line containing ssl.port: 443.
In order to confirm that this is a variable available for modification, we executed the following line of code:
C:\Program Files\Tableau\Tableau Server\10.0\bin>tabadmin get ssl.port
===== the value for key ‘ssl.port’ is: 443
This confirmed that there is indeed an existing variable in Tableau that we can program with a simple command. To change the ssl.port to 8088, simply execute the following command:
C:\Program Files\Tableau\Tableau Server\10.0\bin>tabadmin set ssl.port 8088
As a result of our success in finding this particular key variable, we applied standard methods to build wider functionality and better user experience. After rigorous testing, we successfully released our Tableau reporting and analytics solution with Tableau Server running on the custom SSL port. It is currently running smoothly in a production environment.