Reputation: 11
The core question I have is how do I force the Neo4j web browser to attempt database connections at the address I choose?
I am running the Neo4j CE Docker container along with an nginx reverse proxy container and other containers on a single EC2 instance using docker-compose started as a service.
My domain is https, so all external traffic initially hits the AWS application load balancer on port 443, but is then moved to port 80 by the load balancer before being directed to my single target group also on port 80.
Within the docker-compose group of containers running on the EC2 instance is the nginx reverse proxy container that listens on port 80.
Using the load balancer and the reverse proxy, outside requests to https://example.com/browser are directed through the proxy to the Neo4j container on port 7474 running within the docker-compose group which listens on port 7474.
This all works fine. I get the Neo4j browser. But when I try to connect to the database using bolt, I run into problems.
Within the nginx config is another proxy route that directs calls to https://example.com/bolt to the Neo4j container on port 7687. The nginx config is set to proxy websocket traffic on this bolt related route.
In the docker-compose file, I set the environment variable for the neo4j container with:
NEO4J_dbms_connector_bolt_advertised__address=example.com/bolt:80
Using Chrome, I go to https://example.com/browser and then attempt to connect to the database. Using the provided form, I manually enter (neo4j + s) example.com/bolt:80. (The load balancer redirects calls on port 80 to port 443, just as a note.)
This eventually times out.
When you look at the Chrome browser console for errors you can see that the Neo4j browser is attempting a database connection at wss://example.com:7687. It appears my advertised address is being completely ignored and it is just tacking on the default bolt port to my domain.
How can I make the browser try for a database connection at my chosen address? (i.e. https://example.com/bolt:80)
Edit: As mentioned, the Browser is attempting a connection to the wrong address. I have now tried making the connection manually with Postman and I get a 502 error from nginx. Is this related to the secure connection somehow? Did the browser try the correct address, fail, and then fall back to the root address only to fail again? Not sure.
Edit 2: It may be the case that this setup is not possible? https://community.neo4j.com/t/bolt-behind-apache-reverse-proxy-is-it-even-possible/5819
Thanks again for any help.
Upvotes: 1
Views: 1144
Reputation: 6973
I'm not sure if you're still stuck with this, but this blog post helped: https://blog.y1zhou.com/neo4j-bolt-behind-traefik-in-docker
Managed to eventually get stuff proxying to bolt with Traefik via a specific port; the key on the Traefik side was the HostSNI directives.
Upvotes: 0
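The approach the answer describes (Bolt on its own port, routed by a Traefik TCP router with a HostSNI rule) could look like the following docker-compose file. This is an added example, not taken from the answer or the linked blog post. It assumes Traefik v2 label syntax; the service names, router names, entrypoint names and image tags are hypothetical.

```yaml
# Added example: Bolt published on a dedicated TCP port through Traefik v2.
# Service/router/entrypoint names and image tags are assumptions.
services:
  traefik:
    image: traefik:v2.10
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"   # only labelled containers are routed
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.bolt.address=:7687"            # dedicated entrypoint for Bolt
    ports:
      - "443:443"
      - "7687:7687"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  neo4j:
    image: neo4j:4.4
    environment:
      # The advertised address is host:port; it has no path component,
      # so a value such as example.com/bolt:80 cannot be expressed here.
      - NEO4J_dbms_connector_bolt_advertised__address=example.com:7687
    labels:
      - "traefik.enable=true"
      # Neo4j Browser UI: ordinary HTTP router on 443
      - "traefik.http.routers.neo4j-ui.rule=Host(`example.com`)"
      - "traefik.http.routers.neo4j-ui.entrypoints=websecure"
      - "traefik.http.routers.neo4j-ui.tls=true"
      - "traefik.http.routers.neo4j-ui.service=neo4j-ui"
      - "traefik.http.services.neo4j-ui.loadbalancer.server.port=7474"
      # Bolt: TCP router matched on the TLS SNI name, TLS terminated by Traefik,
      # plain TCP forwarded to the container's Bolt port
      - "traefik.tcp.routers.neo4j-bolt.rule=HostSNI(`example.com`)"
      - "traefik.tcp.routers.neo4j-bolt.entrypoints=bolt"
      - "traefik.tcp.routers.neo4j-bolt.tls=true"
      - "traefik.tcp.routers.neo4j-bolt.service=neo4j-bolt"
      - "traefik.tcp.services.neo4j-bolt.loadbalancer.server.port=7687"
```

With this layout the Browser's wss connection to example.com:7687 lands on the Bolt entrypoint rather than on an HTTP path. The certificate Traefik presents for example.com has to be configured separately, and the Neo4j container publishes no ports of its own, so 7474 and 7687 are reachable only through the proxy.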