Forced to use wss:// when behind proxy from https to http

[mijosch]

• Neo4j version: 4.1.1
• Operating system: docker
• API/Driver: web interface

Using unsecured (http) neo4j via reverse proxy as a secured endpoint (https)

(client) - [https]- (reverse_proxy) - [http] - (neo4j)

• Expected behavior the normal bolt -> ws:// interface is used

• Actual behavior you are forced to use the bolt+s -> wss:// secure interface

I am trying to build an environment where you have just one path inside the infrastructure through the reverse proxy. The connection between the client and the reverse proxy should be https and the rest http for easiness. I can reach the web interface with no hassle but then I am forced to use the bolt+s interface.

Already tried:

• manipulating all headers so there is no https information in it

error source:

• maybe neo4j is watching the original query which contains the scheme

Is there a solution to this?

[WolfgangFahl]

same here - does not work out of the box behind proxy.

a dockerized neo4j should work with the following apache config:

# docker services
ProxyPass /neo4j/ http://localhost:7474/
ProxyPassReverse /neo4j/ http://localhost:7474/

ProxyPass /bolt/ http://localhost:7687/
ProxyPassReverse /bolt/ http://localhost:7687/

but i found no hint where to go from there.