带有反向代理和 NGINX 的 Neo4j

Neo4j with a reverse proxy and NGINX

我在使用 NGINX 通过反向代理访问 Neo4j 时遇到问题。

Web 客户端运行没有问题,但我对 Bolt 协议一无所知。

Web 客户端的工作方式如下:

server {
    listen 80;
    server_name XXX;

    location / {
        proxy_pass http://YYY:7474/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering off;
    }
}

但是端口 7687 上的 Bolt 协议如何工作?

谢谢。

PS: Google 译者 ftw.

您需要使用--with-stream编译的nginx。然后你可以将下面的部分添加到你的 nginx 配置

stream {
  server {
    listen 7687;
    proxy_pass neo4j:7687;
  }
}

基本上你需要使用tcp反向代理而不是http代理。上面的配置部分将位于顶层,而不是在 httpserver 块内

您需要在笔记本电脑和 hsoting neo4j 服务器之间打开端口 7687。

如果您正在使用,让我们加密并尝试通过 SSL 连接。 neo4j 嵌入式证书未由在我的 chrome 浏览器中生成错误的授权机构签名。

为了让它工作,我必须在 neo4j 证书中复制我的证书:

sudo su 
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert 
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key 
service neo4j restart

这是有效的:

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    map $http_upgrade $connection_upgrade {
        "" close;
        default upgrade;
    }
    
    upstream neo4j_bolt {
        server neo4j:7687;
    }
    
    upstream neo4j_insecure {
        server neo4j:7474;
    }
    
    upstream neo4j_secure {
        server neo4j:7473;
    }
    
    server {
        listen 80;
        server_name localhost;
        
        location / {
            proxy_pass http://neo4j_insecure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
        }
    }
    
    server {
        listen 443 ssl;
        server_name localhost;
        
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        
        location / {
            proxy_pass https://neo4j_secure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    
    server {
        listen 7687 ssl;
        server_name localhost;
        
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        
        location / {
            proxy_pass https://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    
    server {
        listen 7688;
        server_name localhost;
        
        location / {
            proxy_pass http://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

此处为 Docker 化解决方案:https://github.com/joehoeller/nginx-server-neo4j-graph-db