Hi,

1. How to allow users in the internet through web applications to access tableau server with below constraints:

A)      Without having exposed the tableau server through public IP.

B)      Without any proxy server (F5 or apache) having public IP that translates the public IP directly to tableau private IP

The constraints above are for security to allow access directly to tableau server. There is a Wildfly server that has a public entry through F5 LB as depicted above.

Below is the small overview of the access flow implemented here: -

The tableau server, Wildfly server and the access pattern is depicted in the below figure:

1. Number 1 above denotes that the Tableau server is not assigned any Public IP for the purpose of restricting its access outside the network.

1. Number 2 above denotes that there is a Wildfly server which is in trusted list of tableau server for trusted ticket authentication. This server asks for a trusted token from the tableau server using tableau private IP.

curl -v -d 'username=<tableau_user>'  http:// <private_ip_tableau>:<tableau_port>/trusted

• After obtaining the trusted token it redirects the call as http header location along with the ticket.

• This call returns an HTML response in the front end browser <iframe> tag

1. Number 3 above denotes that the browser now tries to download the scripts and images using the relative URL as a part of the HTML rendering.[HTML is the output of the second http call above]. And it gets HTTP 404 as it does not find the relative paths of the resources.