Open abhi2495 opened 6 years ago
I am having a very similar issue too. Neo4j service is running behind a nginx proxy (on an EC2 instance) .
I can access the database through the javascript api from my web app, but not through the browser client. I can open the browser client but not connect to the database (through neither http, nor https, nor bolt)
The error reported is
"ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState
is: 3"
Other issues report a java version discrepancy but I don't have that. My neo4j version is 3.3.1, java version 8, Ubuntu16.04
All ideas are welcome! Thanks Mark
This may be related to a neo4j config setting. At one point I had this working (https is served via cloudfront through nginx to a different EC2 host). I can connect properly via ssh tunnel (localhost:7687) for API access, but the /browser fails to establish a wss: connection, either complaining about certificates or connection refused upon attempt to connect to the server.
This recently stopped working but unfortunately I hadn't saved a snapshot of the config and it was overwritten by the AWS pre-neo4j script.
Has anyone figured this out? We are facing a similar problem here. I have tried with stream in nginx but no avail.
I have tried doing this, nginx does not seem to be working well as proxy for bolt server, I ended up opening the 7687 port and allowing bolt server to be directly accessed without nginx. This issue is not related to neo4j browser, it is more related to bolt server and IMO can be resolved by proper nginx setup, if given enough time.
+1
Hi, I was trying to setup a neo4j 4.0 instance on a local network and serve it through a domain. I've got both the browser and the python driver to work and thought I'd share my configs and findings here as it may be of help.
I run both neo4j and nginx from docker.
I wanted to run everything through SSL so I obtained the certificates for bolt.domain.com
and neo4j.domain.com
from Let's encrypt.
First I tried the builtin SSL termination of neo4j and set up bolt
and HTTPS
runners. The browser did not work but python drivers did.
Then I decided to run both bolt
and HTTP
unencrypted from the neo4 container and reverse proxy it with SSL termination with nginx. This time the situation flipped. The browser started working but the python driver did not. As it turns out, the browser uses websockets
to communicate through bolt
and the python driver some other TCP stream.
The working configuration is not the most elegant but seems to work. Run three servers in nginx, two with SSL termination and one TCP stream without.
One host, 192.168.0.1
runs the neo4j instance and has ports 7474
and 7687
open to the other host, 192.168.0.2
, which listens on 7688
from the python driver and 7687
from the browser.
Here is the neo4j config
dbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=bolt.domain.com # Bolt connector dbms.connector.bolt.enabled=true dbms.connector.bolt.tls_level=OPTIONAL dbms.connector.bolt.listen_address=0.0.0.0:7687 dbms.connector.bolt.advertised_address=bolt.domain.com # HTTP Connector. There can be zero or one HTTP connectors. dbms.connector.http.enabled=true dbms.connector.http.listen_address=0.0.0.0:7474 dbms.connector.http.advertised_address=neo4j.domain # Bolt SSL configuration dbms.ssl.policy.bolt.enabled=true dbms.ssl.policy.bolt.base_directory=certificates/bolt dbms.ssl.policy.bolt.private_key=private.key dbms.ssl.policy.bolt.public_certificate=public.crt
and the nginx config
http { upstream neo4j { server 192.168.0.2:7474; } upstream bolt { server 192.168.0.2:7687; } server { listen 443 ssl; server_name neo4j.domain.com; ssl_certificate /etc/nginx/certificates/https/public.crt; ssl_certificate_key /etc/nginx/certificates/https/private.key; location / { proxy_pass http://neo4j; } } server { listen 7687 ssl; server_name bolt.domain.com; ssl_certificate /etc/nginx/certificates/bolt/public.crt; ssl_certificate_key /etc/nginx/certificates/bolt/private.key; location / { proxy_pass http://bolt; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } stream { server { listen 7688; proxy_pass 192.168.0.2:7687; proxy_timeout 3s; proxy_connect_timeout 1s; } } }
Hope this helps. Cheers.
@peterpribeli do you have a gittub repo we can look at, beacuse i cannot reproduce(?)
http { } errors out ans says it cant be there as well.
I am not sure how @neo4j expects anyone to test their stuff out before buying if you canbt serve it. They need a working nginx file for ppl to use, end of story.
We were going to evaluate but because we couldnt get it working we are moving on to a free graph db. Guess they lost out on an enterprise lisc'. My advice is to move on - plenty of real open src options w/ better flexibility for serving.
I was able to get this working with these config:
dbms.default_listen_address=0.0.0.0
dbms.default_advertised_address=adystech.com
dbms.connector.bolt.listen_address=:7687
dbms.connector.bolt.advertised_address=:8888
stream {
upstream backend {
hash $remote_addr consistent;
server ubuntu:7687 max_fails=3 fail_timeout=30s;
}
server {
listen 8888 so_keepalive=on ;
preread_timeout 30s;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}
}
#this is under http/server section
location /neo4j/ {
proxy_buffering on;
proxy_buffers 8 128k;
proxy_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_intercept_errors on;
proxy_pass http://ubuntu:7474/;
proxy_redirect default;
error_page 502 500 /error-50x.html;
error_page 404 /error-40x.html;
proxy_cache node_cache;
proxy_cache_valid 200 302 5s;
proxy_cache_valid 404 1m;
proxy_cache_valid 502 1m;
add_header X-Cache-Status $upstream_cache_status;
}
I was able to get this working with these config:
on server side
dbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=adystech.com dbms.connector.bolt.listen_address=:7687 dbms.connector.bolt.advertised_address=:8888
on nginx
stream { upstream backend { hash $remote_addr consistent; server ubuntu:7687 max_fails=3 fail_timeout=30s; } server { listen 8888 so_keepalive=on ; preread_timeout 30s; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend; } } #this is under http/server section location /neo4j/ { proxy_buffering on; proxy_buffers 8 128k; proxy_buffer_size 128k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_intercept_errors on; proxy_pass http://ubuntu:7474/; proxy_redirect default; error_page 502 500 /error-50x.html; error_page 404 /error-40x.html; proxy_cache node_cache; proxy_cache_valid 200 302 5s; proxy_cache_valid 404 1m; proxy_cache_valid 502 1m; add_header X-Cache-Status $upstream_cache_status; }
Hi @mvadu thanks for providing the nginx config and neo4j config. I have tried it but i still get the error around WebSocket connection failure. could you please provide your complete nginx config and neo4j config please? so that i can cross check if i have missed anything? Thank you
Just use my container & be done w the headaches.
https://github.com/joehoeller/nginx-server-neo4j-graph-db
On Tue, Jul 14, 2020 at 8:17 AM ramagudepu notifications@github.com wrote:
I was able to get this working with these config: on server side
dbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=adystech.com dbms.connector.bolt.listen_address=:7687 dbms.connector.bolt.advertised_address=:8888
on nginx
stream {
upstream backend { hash $remote_addr consistent; server ubuntu:7687 max_fails=3 fail_timeout=30s; }
server { listen 8888 so_keepalive=on ; preread_timeout 30s; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend; } }
this is under http/server section
location /neo4j/ { proxy_buffering on; proxy_buffers 8 128k; proxy_buffer_size 128k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_intercept_errors on; proxy_pass http://ubuntu:7474/; proxy_redirect default; error_page 502 500 /error-50x.html; error_page 404 /error-40x.html; proxy_cache node_cache; proxy_cache_valid 200 302 5s; proxy_cache_valid 404 1m; proxy_cache_valid 502 1m; add_header X-Cache-Status $upstream_cache_status; }
Hi @mvadu https://github.com/mvadu thanks for providing the nginx config and neo4j config. I have tried it but i still get the error around WebSocket connection failure. could you please provide your complete nginx config and neo4j config please? so that i can cross check if i have missed anything? Thank you
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/neo4j/neo4j-browser/issues/788#issuecomment-658173626, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHG4ECN5EQCJXPT4DOLR3RLHNANCNFSM4FGTAHRQ .
Just use my container & be done w the headaches. https://github.com/joehoeller/nginx-server-neo4j-graph-db … On Tue, Jul 14, 2020 at 8:17 AM ramagudepu @.***> wrote: I was able to get this working with these config: on server side dbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=adystech.com dbms.connector.bolt.listen_address=:7687 dbms.connector.bolt.advertised_address=:8888 on nginx stream { upstream backend { hash $remote_addr consistent; server ubuntu:7687 max_fails=3 fail_timeout=30s; } server { listen 8888 so_keepalive=on ; preread_timeout 30s; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend; } } #this is under http/server section location /neo4j/ { proxy_buffering on; proxy_buffers 8 128k; proxy_buffer_size 128k; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_intercept_errors on; proxy_pass http://ubuntu:7474/; proxy_redirect default; error_page 502 500 /error-50x.html; error_page 404 /error-40x.html; proxy_cache node_cache; proxy_cache_valid 200 302 5s; proxy_cache_valid 404 1m; proxy_cache_valid 502 1m; add_header X-Cache-Status $upstream_cache_status; } Hi @mvadu https://github.com/mvadu thanks for providing the nginx config and neo4j config. I have tried it but i still get the error around WebSocket connection failure. could you please provide your complete nginx config and neo4j config please? so that i can cross check if i have missed anything? Thank you — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#788 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHG4ECN5EQCJXPT4DOLR3RLHNANCNFSM4FGTAHRQ .
Thank you @joehoeller will try that now.
Hi @joehoeller could you also please share your neo4j configuration file, as my container failed to start and throwing an error saying Address 0.0.0.0:7687 is already in use, cannot bind to it. Thank you
That’s not the issue. You can change the port on the docker file and expose a diff one.
Or do:
docker ps -a
Get the name of other container on that port and then type in:
docker rm -f
On Tue, Jul 14, 2020 at 9:02 AM ramagudepu notifications@github.com wrote:
Hi @joehoeller https://github.com/joehoeller could you also please share your neo4j configuration file, as my container failed to start and throwing an error saying Address 0.0.0.0:7687 is already in use, cannot bind to it. Thank you
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/neo4j/neo4j-browser/issues/788#issuecomment-658198560, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHGX2QH47DLRWOTWLHTR3RQQTANCNFSM4FGTAHRQ .
That’s not the issue. You can change the port on the docker file and expose a diff one. Or do: docker ps -a Get the name of other container on that port and then type in: docker rm -f
… On Tue, Jul 14, 2020 at 9:02 AM ramagudepu @.***> wrote: Hi @joehoeller https://github.com/joehoeller could you also please share your neo4j configuration file, as my container failed to start and throwing an error saying Address 0.0.0.0:7687 is already in use, cannot bind to it. Thank you — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#788 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHGX2QH47DLRWOTWLHTR3RQQTANCNFSM4FGTAHRQ .
Hi @joehoeller, thank you for your reply. I just wanted to let you know a bit more detail on what i am trying to do I have created 2 container instances with in Azure under 1 container group(These are not docker enabled). In 1 container i have neo4j and the other container I have nginx. I have purchased a domain name and assigned it to the container group. when i try and access the browser it is working fine and i can view the web page. But when i try and connect to the neo4j database it is throwing an error saying ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. I have been trying to get this working for the past 2-3 weeks but still no luck.
I have also replicated the nginx configuration provided in your github, but still I get the same issue. Thanks
Just use my container as is. They need to be on same Docker network.
On Tue, Jul 14, 2020 at 9:44 AM ramagudepu notifications@github.com wrote:
That’s not the issue. You can change the port on the docker file and expose a diff one. Or do: docker ps -a Get the name of other container on that port and then type in: docker rm -f … <#m-6597858560001380575> On Tue, Jul 14, 2020 at 9:02 AM ramagudepu @.***> wrote: Hi @joehoeller https://github.com/joehoeller https://github.com/joehoeller could you also please share your neo4j configuration file, as my container failed to start and throwing an error saying Address 0.0.0.0:7687 is already in use, cannot bind to it. Thank you — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#788 (comment) https://github.com/neo4j/neo4j-browser/issues/788#issuecomment-658198560>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHGX2QH47DLRWOTWLHTR3RQQTANCNFSM4FGTAHRQ .
Hi @joehoeller https://github.com/joehoeller, thank you for your reply. I just wanted to let you know a bit more detail on what i am trying to do I have created 2 container instances with in Azure under 1 container group(These are not docker enabled). In 1 container i have neo4j and the other container I have nginx. I have purchased a domain name and assigned it to the container group. when i try and access the browser it is working fine and i can view the web page. But when i try and connect to the neo4j database it is throwing an error saying ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. I have been trying to get this working for the past 2-3 weeks but still no luck.
I have also replicated the nginx configuration provided in your github, but still I get the same issue. Thanks
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/neo4j/neo4j-browser/issues/788#issuecomment-658222192, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHVQHAONQARZXERLV53W6LR3RVOHANCNFSM4FGTAHRQ .
Hi, I was trying to setup a neo4j 4.0 instance on a local network and serve it through a domain. I've got both the browser and the python driver to work and thought I'd share my configs and findings here as it may be of help.
I run both neo4j and nginx from docker. I wanted to run everything through SSL so I obtained the certificates for
bolt.domain.com
andneo4j.domain.com
from Let's encrypt. First I tried the builtin SSL termination of neo4j and set upbolt
andHTTPS
runners. The browser did not work but python drivers did.Then I decided to run both
bolt
andHTTP
unencrypted from the neo4 container and reverse proxy it with SSL termination with nginx. This time the situation flipped. The browser started working but the python driver did not. As it turns out, the browser useswebsockets
to communicate throughbolt
and the python driver some other TCP stream.The working configuration is not the most elegant but seems to work. Run three servers in nginx, two with SSL termination and one TCP stream without.
One host,
192.168.0.1
runs the neo4j instance and has ports7474
and7687
open to the other host,192.168.0.2
, which listens on7688
from the python driver and7687
from the browser. Here is the neo4j configdbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=bolt.domain.com
Bolt connector
dbms.connector.bolt.enabled=true dbms.connector.bolt.tls_level=OPTIONAL dbms.connector.bolt.listen_address=0.0.0.0:7687 dbms.connector.bolt.advertised_address=bolt.domain.com
HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true dbms.connector.http.listen_address=0.0.0.0:7474 dbms.connector.http.advertised_address=neo4j.domain
Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true dbms.ssl.policy.bolt.base_directory=certificates/bolt dbms.ssl.policy.bolt.private_key=private.key dbms.ssl.policy.bolt.public_certificate=public.crt
and the nginx config
http { upstream neo4j { server 192.168.0.2:7474; } upstream bolt { server 192.168.0.2:7687; } server { listen 443 ssl; server_name neo4j.domain.com; ssl_certificate /etc/nginx/certificates/https/public.crt; ssl_certificate_key /etc/nginx/certificates/https/private.key; location / { proxy_pass http://neo4j; } } server { listen 7687 ssl; server_name bolt.domain.com; ssl_certificate /etc/nginx/certificates/bolt/public.crt; ssl_certificate_key /etc/nginx/certificates/bolt/private.key; location / { proxy_pass http://bolt; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } stream { server { listen 7688; proxy_pass 192.168.0.2:7687; proxy_timeout 3s; proxy_connect_timeout 1s; } } }
Hope this helps. Cheers.
It helped me a lot on neo4j 4.4 thanks!
I go to https://neo4j.domain.com, then I enter neo4j+s://bolt.domain.com:7688 and my credentials and voilà!
My use case was to tamper with my remote database through the browser while keeping password and data safe from eavesdropping.
I have been trying to setup neo4j server in public cloud (installed in Amazon AWS EC2, Ubuntu 16 AMI) which I need to access from remote machine. Since I have to access it from a restricted Corporate Network,I decided to set up Nginx as proxy. I followed the Neo4j Doc and bunch of stackoverflow questions.With these I could hit the Neo4j server ,but couldnt connect to it's DB. Here is the Browser Snapshot. Can someone help me out if I am missing something here? What should I do to access the DB?
Network Connector Configuration of Neo4j:
` dbms.connectors.default_listen_address=0.0.0.0 dbms.connectors.default_advertised_address=ec2-xx-xx-xx-xx.compute-1.amazonaws.com
dbms.connector.bolt.enabled=true dbms.connector.bolt.listen_address=:17687 dbms.connector.bolt.advertised_address=:7687
dbms.connector.http.enabled=true dbms.connector.http.listen_address=:17474
dbms.connector.https.enabled=true
`
Neo4j Version: 3.4.1 Operating System: Ubuntu 16.04 API: Java Driver
Steps to reproduce
Expected behavior
Should be able to communicate with DB and ask for username, password only (in Browser), and should be able to connect to Db through Java Driver
Actual behavior
In Browser, Showing "Database access not available. Please use :server connect to establish connection. There's a graph waiting for you." Asking for Host. In Java Console, showing "unable to connect to ...,, ensure the database is running and that there is a working network connection to it."