Using Nginx to proxy a Neo4j instance

There are cases when you want to access your Neo4j instance remotely and you live in an environment where direct access is not possible. This might be caused by technical or organizational restrictions.

One generic solution to this kind of problems is using a VPN. Another alternative to be discussed in this blog post is using a reverse proxy server. I want to show how you can proxy Neo4j using Nginx.

First of all run a neo4j instance. In order to not have false positive results I’m using non-standard ports for http (default 7474, using 17474 here) and bolt (default 7687, using 17687 here). Spinning up a test instance is easy in docker:

docker run --rm -e NEO4J_AUTH=none -p 17474:7474 -p 17687:7687 neo4j

1	docker run --rm -e NEO4J_AUTH=none -p 17474:7474 -p 17687:7687 neo4j

Note that I’ve switched off authentication, something that might be ok for testing, but is a clear no-go for any other kind of usage.

I’m installing Nginx directly on my system:

apt install nginx

1	apt install nginx

Then we need to map both communication channels: http and bolt. For the http part we add inside the server section of /etc/nginx/sites-available/default this snippet:

 location /browser/ {
     proxy_pass http://localhost:17474/; # &lt;-- replace with your neo4j instance's http servername + port
 }

location /browser/ {

proxy_pass http://localhost:17474/; # <-- replace with your neo4j instance's http servername + port

}

For the bolt protocol we amend to /etc/nginx/nginx.conf:

stream {
    server {
        listen 7687;
        proxy_pass localhost:17687; # &lt;--- replace this with your neo4j server and bolt port
    }
}

stream {

server {

listen 7687;

proxy_pass localhost:17687; # <--- replace this with your neo4j server and bolt port

}

After a restart of nginx pointing your browser to http://localhost/browser should show up the neo4j browser.

4 replies on “Using Nginx to proxy a Neo4j instance”

Would be nice if you had a github to inspect because this doesnt work, even when i pull the same version from dockerhub.

What exactly didn’t work?

Hello Stefan
Greetings from Annecy, France.
Hello Stefan 🙂
We are trying to test neo4j browser on http://itskills.fr/browser (no ssl for now) we are getting 7687 socket error. Is the “stream” directive required by default? (we have direct access to nginx/openresty web server – no docker, ports 7687/7474 are open and port 80 is forwarded to 7474). Many thanks in advance.

Bonjour David, which version of Neo4j are you using? Note that 3.x by default tries to use encrypted bolt while 4.x uses unencrypted by default. My suspicion is that you’re using a encrypted connection but your server uses a self-signed certificate which is not accepted by the browser.

Cheers,
Stefan

4 replies on “Using Nginx to proxy a Neo4j instance”

Leave a Reply Cancel reply