7 Replies Latest reply on Jun 15, 2019 12:43 AM by Alexandru Savencu

    Let's Encrypt Linux Tableau Server

    Holly Do

      Hi, does anyone have a guide to using Let's Encrypt to get https for Tableau Server on a linux system? I currently have Tableau server running on Ubuntu 16.04 LTS. 

       

      Thank you,

        • 1. Re: Let's Encrypt Linux Tableau Server
          patrick.byrne.0

          Hello Holly,

           

          I have not heard of anyone using this specific program for encryption. But I would check out the following section of the Tableau product help on network security: Network Security - Tableau

           

          Hope this helps!

           

          Cheers,

          Byrne, Patrick

          • 2. Re: Let's Encrypt Linux Tableau Server
            Holly Do

            I've successfully figured out how to use letsencrypt to get https for Tableau server. So if anyone else wants to use letsencrypt with a linux system, these are the steps that I took:

             

            1. Install certbot on your server. Go here for instructions on how to install certbot.

             

            2. Get the certificate using certbot by running this command: sudo certbot certonly

                 - Pick the 3rd option (3. Place files in webroot directory)

                 - Your webroot should be at: /var/opt/tableau/tableau_server/data/tabsvc/httpd/htdocs

            Certbot will put your certificate and key in the /etc/letsencrypt/live/<your tableau server's domain>

             

            3. Configure SSL on Tableau server

                 - Tableau's documentation on how to configure SSL for Tableau server

            Basically you'll just run this command:

            tsm security external-ssl enable --cert-file /etc/letsencrypt/live/<your domain>/fullchain.pem --key-file /etc/letsencrypt/live/<your domain>/privkey.pem

             

            Then you run tsm pending-changes apply

             

            That's it! Your site should then be encrypted.

                     

             

            4 of 4 people found this helpful
            • 3. Re: Let's Encrypt Linux Tableau Server
              Jeremiah Scanlon

              Thank you, for this information! It helped a lot. I knew it should be easy, but I was struggling to find the solution.

               

              I'm curious. Have you been through a renewal yet? Does the Tableau server need to be restarted to recognize the new certs?

               

              I've read about using the "renew_hook" in /etc/letsencrypt/renewal/example.com.conf to run a step after renewal, but not sure if that is needed in this instance or not.

              • 4. Re: Let's Encrypt Linux Tableau Server
                omer lewy

                I used opelssl for windows which is about the same thing, and when I renewed the cert, I needed to restart

                • 5. Re: Let's Encrypt Linux Tableau Server
                  Jerome Urbain

                  Hello,

                   

                  Note that in my case, on one Ubuntu 18.04 server I was facing an issue of reading permissions of the key files. I copied them to another place and made sure they were readable by non-root users with "sudo chmod 644 ..."

                   

                  Here is the complete list of installation steps of my certificates (I also installed certbot without apache - Tableau Server takes care of that):

                  1.     sudo apt-get update
                  2.     sudo apt-get install software-properties-common
                  3.     sudo add-apt-repository universe
                  4.     sudo add-apt-repository ppa:certbot/certbot
                  5.     sudo apt-get update
                  6.     sudo apt-get install certbot
                  7.     sudo certbot certonly --standalone

                   

                  Then install Tableau server, then:

                  • sudo cp /etc/letsencrypt/live/<your_domain>/fullchain.pem <new_location>/<your_domain>.crt
                  • sudo cp /etc/letsencrypt/live/<your_domain>/privkey.pem <new_location>/<your_domain>.key
                  • sudo chmod 644 <new_location>/<your_domain>.key

                   

                  Then the tsm security external-ssl and finally tsm pending-changes apply as mentioned by Holly Do

                   

                  I hope this is helpful,

                  • 6. Re: Let's Encrypt Linux Tableau Server
                    Holly Do

                    Yes, I had done the renewal process. You do have to restart after renewing the certificate using certbot because after running tsm pending-changes apply you'll be prompted to restart so that your settings could apply.

                    • 7. Re: Let's Encrypt Linux Tableau Server
                      Alexandru Savencu

                      We are using letsencrypt for almost a year now.

                       

                      We are using a cron script to copy the renewed certificate to replace the certificate in Tableau Server directory. The new certificate is picked up upon Tableau Server restart