(An aside: I’m posting under a new account because I couldn’t seem to log in to my old account).
I’ve got a client who doesn’t want to expose their database to the public internet but also wants to use Tableau.
Tableau provides a solution where you ship their Tableau Bridge service within your private network and it will act as a proxy, punching out of the private network directly to Tableau.
The problem is, it can only connect to databases over IPv4 and Fly’s .internal domains resolve to IPv6 addresses.
I’ve reached out to them to get a timeline for them supporting IPv6 but I’m not holding my breath.
I’m hoping there is a way (even a hack) to allow Tableau Bridge to connect to postgres within in the same org over IPv4 but not via the public internet.
If I understand your requirements correctly, you want to run Tableau Bridge as a Fly Machine and have it connect to a PostgreSQL database inside of your org’s 6PN and do so using an IPv4 address.
If that’s correct, I’m thinking the most straightforward approach is to run either a PostgreSQL-specific connection pooler, or any vanilla L4 reverse proxy, inside of the Tableau Bridge’s Machine and have the Bridge talk to localhost:<whatever> (where whatever is anything but probably 5432 for consistency).
Doing so offloads the IPv6 resolution to your L4/pooler of choice and allows the Bridge to use localhost/127.0.0.1(or 0.0.0.0 if you want).
Concretely: use a process manager (supervisord, overmind, goreman) to run 2 processes: Tableau Bridge and any L4/pooler (PgBouncer, PgCat, Traefik w/ a TCP router) in a Fly Machine that can address your PostgreSQL database over 6PN (<app>.internal); have Bridge connect to your L4/pooler on localhost, and the L4/pooler proxy connect to your PostgreSQL database.
I haven’t tested this and YMMV, but it seems sound
