Neo4j with a reverse proxy and NGINX
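I'm having problems accessing Neo4j through a reverse proxy with NGINX.
The web client works without problems, but I have no clue about the Bolt protocol.
This is how the web client works: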
server {
    listen 80;
    server_name XXX;
    location / {
        proxy_pass http://YYY:7474/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering off;
    }
}
But how does the Bolt protocol on port 7687 work?
Thanks.
PS: Google Translate ftw.
You need nginx compiled with --with-stream. Then you can add the section below to your nginx config:
stream {
    server {
        listen 7687;
        proxy_pass neo4j:7687;
    }
}
Basically you need to use a TCP reverse proxy rather than an HTTP proxy. The config section above goes at the top level, not inside the http or server block.
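The answer above says Bolt needs a TCP (stream) proxy rather than an HTTP one. The following is an added example, not part of the original answers: it sends the Bolt handshake to a port and reports whether the reply is Bolt. `fake_bolt` and `fake_http` are constructed local stand-ins for a stream pass-through and an http block; point `bolt_handshake` at your own proxy host and port to check a real deployment.

```python
import socket
import threading

BOLT_MAGIC = bytes.fromhex("6060b017")  # preamble that opens every Bolt connection

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break  # peer closed early
        buf += chunk
    return buf

def bolt_handshake(host, port, versions=((4, 4), (3, 0)), timeout=3.0):
    """Return the (major, minor) version picked, or None if the port is not Bolt."""
    # Four 4-byte proposals: 0, 0, minor, major; unused slots are all zero.
    slots = [bytes([0, 0, minor, major]) for major, minor in versions][:4]
    slots += [b"\x00" * 4] * (4 - len(slots))
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(BOLT_MAGIC + b"".join(slots))
        reply = _recv_exact(s, 4)
    if len(reply) != 4 or reply[:2] != b"\x00\x00" or reply[3] == 0:
        return None  # e.g. the start of an HTTP error, or no common version
    return reply[3], reply[2]

def _serve_once(handler):
    """Constructed stand-in endpoint: one-shot TCP server on a free local port."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return port

def fake_bolt(conn):  # behaves like Neo4j reached through a stream{} pass-through
    hello = _recv_exact(conn, 20)
    if hello[:4] == BOLT_MAGIC:
        conn.sendall(hello[4:8])  # accept the client's first proposal

def fake_http(conn):  # behaves like an http{} server block given non-HTTP bytes
    _recv_exact(conn, 20)
    conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

if __name__ == "__main__":
    print("TCP pass-through:", bolt_handshake("127.0.0.1", _serve_once(fake_bolt)))
    print("HTTP proxy:      ", bolt_handshake("127.0.0.1", _serve_once(fake_http)))
```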
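You need to open port 7687 between your laptop and the server hosting neo4j.
If you are using Let's Encrypt and trying to connect through SSL: the embedded neo4j certificate was not signed by an authority, which generated errors in my Chrome browser.
To make it work, I had to copy my certificates into the neo4j certificates: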
sudo su
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key
service neo4j restart
This works:
worker_processes auto;
events {
    worker_connections 1024;
}
http {
    map $http_upgrade $connection_upgrade {
        "" close;
        default upgrade;
    }
    upstream neo4j_bolt {
        server neo4j:7687;
    }
    upstream neo4j_insecure {
        server neo4j:7474;
    }
    upstream neo4j_secure {
        server neo4j:7473;
    }
    server {
        listen 80;
        server_name localhost;
        location / {
            proxy_pass http://neo4j_insecure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
        }
    }
    server {
        listen 443 ssl;
        server_name localhost;
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        location / {
            proxy_pass https://neo4j_secure;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        listen 7687 ssl;
        server_name localhost;
        #SSL/https
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ecdh_curve secp384r1;
        ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
        ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
        location / {
            proxy_pass https://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        listen 7688;
        server_name localhost;
        location / {
            proxy_pass http://neo4j_bolt;
            proxy_http_version 1.1;
            proxy_set_header Connection Upgrade;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
Dockerized solution here: https://github.com/joehoeller/nginx-server-neo4j-graph-db