1

I'm having trouble addressing Neo4j via a reverse proxy with NGINX.

The web client works without problems, but I have no idea about the Bolt protocol.

Here's how the web client works:

server {
    listen 80;
    server_name XXX;

    location / {
        proxy_pass http://YYY:7474/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering off;
    }
}

But how does the Bolt protocol over port 7687 work?

Thanks.

PS: Google translator ftw.

4

3 回答 3

4

你需要使用用--with-stream. 然后您可以将以下部分添加到您的 nginx 配置中

stream {
  server {
    listen 7687;
    proxy_pass neo4j:7687;
  }
}

基本上你需要使用 tcp 反向代理而不是 http 代理。上述配置部分将位于顶层,而不是内部httpserver

于 2017-09-01T10:13:36.230 回答
2

您需要在笔记本电脑和服务器 hsoting neo4j 之间打开端口 7687。

如果您使用的是让我们加密并尝试通过 SSL 连接。neo4j 嵌入式证书未由在我的 chrome 浏览器中生成错误的权威机构签名。

为了使它起作用,我必须将我的证书复制到 neo4j 证书中:

sudo su 
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert 
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key 
service neo4j restart
于 2017-10-08T20:10:00.083 回答
0

这是有效的:

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    map $http_upgrade $connection_upgrade {
        "" close;
        default upgrade;
    }
    
    upstream neo4j_bolt {
        server neo4j:7687;
    }
    
    upstream neo4j_insecure {
        server neo4j:7474;
    }
    
    upstream neo4j_secure {
        server neo4j:7473;
    }
    
    server {
        listen 80;
        server_name localhost;
        
        location / {
            proxy_pass http://neo4j_insecure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
        }
    }
    
    server {
        listen 443 ssl;
        server_name localhost;
        
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        
        location / {
            proxy_pass https://neo4j_secure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    
    server {
        listen 7687 ssl;
        server_name localhost;
        
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        
        location / {
            proxy_pass https://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    
    server {
        listen 7688;
        server_name localhost;
        
        location / {
            proxy_pass http://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Dockerized 解决方案在这里:https ://github.com/joehoeller/nginx-server-neo4j-graph-db

于 2020-11-12T23:56:40.357 回答