Geek Answers Handbook

Neo4j webinterface behind nginx reverse proxy

I am trying to open a neo4j database on the Internet.

For security reasons, I would like to hide it behind an SSL / basic_auth combination via nginx. Here is the corresponding nginx configuration:

location /neo4j/ { proxy_pass https://localhost:7473/; proxy_read_timeout 600; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X_FORWARDED_PROTO https; proxy_set_header Host $http_host; proxy_buffering off; proxy_redirect off; auth_basic "restricted"; auth_basic_user_file /etc/nginx/auth/htpasswd; proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128; proxy_ssl_session_reuse off; rewrite /neo4j/(.*) /$1 break; }

While I can access https://example.com/neo4j/browser , the web interface tells me that it cannot connect to neo4j, and my web browser console is populating OPTIONS https://example.com/db/data 405(Not allowed)

I also tried creating neo4j on an https server along with an authentication extension ( https://github.com/neo4j-contrib/authentication-extension ). With this option, I can also access the web interface.

But the interface also shows that it cannot connect to the neo4j console and webbrowser, it populates OPTIONS http://example.com:7473/db/data/ net::ERR_EMPTY_RESPONSE and the tip The page at 'https://example.com:7473/browser/' was loaded over HTTPS, but displayed insecure content from 'http://example.com:7473/db/data/': this content should also be loaded over HTTPS.

Does anyone know how to make it work? Thank you very much in advance!

+7
ssl neo4j proxy reverse-proxy nginx
source share
2 answers

I ran into the same problem and it is strange the lack of information about Nginx as a web server combined with neo4j. It is strange that the only link to the reverse proxy server in the official document - Apache - is not impressed.

Just FYI I use dockers from neo4j ( https://github.com/neo4j/docker-neo4j/tree/master/2.3.2 ) by default (if you want to know other settings). It doesn't matter if you run neo4j due to an external docker. The next Nginx conf will be the same.

 location /neo4j/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_buffering off; proxy_pass http://YOUR-IP:7474/browser/; } location /db/data/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_buffering off; proxy_pass http://YOUR-IP:7474/db/data/; }

Replace YOUR-IP with yours and change 7474 to 7473 if you use HTTPS instead of HTTP.

It worked for me.

+3
source share

An OPTIONS request is required to verify the connection to the Neo4j server. I think of it as a heart to test the connection. Nginx doesn't seem to support OPTIONS requests, but the request can be intercepted by something like this:

 location / { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "https://example.com"; add_header Access-Control-Allow-Methods "GET, OPTIONS"; add_header Access-Control-Allow-Headers "Authorization"; add_header Access-Control-Allow-Credentials "true"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; } }

Source: http://blog.rogeriopvl.com/archives/nginx-and-the-http-options-method/

+2
source share

More articles:


All Articles