Neo4j - How to access bolt from a secure connection using Docker image?

8/21/2017

New to Docker. So I have managed to deploy the official Neo4j EE Docker image to Google Container Engine, and when running my Angular application from localhost everything is fine (because it's not coming from a secure connection).

However, when I deploy the app to Firebase, then the app makes all calls to the DB/Docker container from a secure connection, which results in the following error:

Mixed Content: The page at 'https://luminate-testing-24112016.firebaseapp.com/dashboard'
was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://35.196.251.244:7687/'. This request has been blocked; this endpoint must be available
over WSS.

Note that this happens regardless of whether the Docker image is deployed to GKE or AWS.

Here are my yaml files:

apiVersion: v1
kind: Service
metadata:
  name: neo4j
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 0.0.0.0/0
  ports:
  - name: browser
    port: 7474
    protocol: TCP
  - name: bolt
    port: 7687
    protocol: TCP
  - name: https
    port: 7473
    protocol: TCP
  selector:
    app: neo4j

apiVersion: "apps/v1beta1"
kind: StatefulSet
metadata:
  name: neo4j
spec:
  serviceName: neo4j
  replicas: 1
  template:
    metadata:
      labels:
        app: neo4j
    spec:
      containers:
      - name: neo4j
        image: luminateqr/neo4j-with-apoc:latest
        imagePullPolicy: Always
        ports:
        - name: browser
          containerPort: 7474
        - name: bolt
          containerPort: 7687
        - name: https
          containerPort: 7473
        volumeMounts:
        - name: neo4j-data
          mountPath: /data
  volumeClaimTemplates:
  - metadata:
      name: neo4j-data
      annotations:
        volume.beta.kubernetes.io/storage-class: slow
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 50Gi

kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: slow
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-standard
  zone: us-east1-c

There are a few questions and answers floating around that seem similar, but I can't figure out which ones apply and which ones don't. I understand that setting up a WebSocket over TLS has something to do with it, but there is no consistent and/or explicit answer on how to do this (which seems odd, as this is probably a common scenario).

-- Jason Simpson
angular
docker
google-kubernetes-engine
neo4j

1 Answer

8/21/2017

You should set this parameter in your neo4j.conf:

dbms.connector.bolt.tls_level=REQUIRED

In the case of Docker, you have the options described here: Config file for Neo4j Docker Image

-- szenyo
Source: StackOverflow
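
Applied to the StatefulSet from the question, the answer's setting can be passed through the Neo4j Docker image's environment-variable convention; this manifest is an added example, not part of the original question or answer. It assumes the custom image keeps the official 3.x image's handling of a mounted /ssl directory containing neo4j.cert and neo4j.key, and the Secret name neo4j-tls is hypothetical.

```yaml
apiVersion: "apps/v1beta1"
kind: StatefulSet
metadata:
  name: neo4j
spec:
  serviceName: neo4j
  replicas: 1
  template:
    metadata:
      labels:
        app: neo4j
    spec:
      containers:
      - name: neo4j
        image: luminateqr/neo4j-with-apoc:latest
        imagePullPolicy: Always
        env:
        # neo4j.conf key dbms.connector.bolt.tls_level, written the way the
        # image expects: NEO4J_ prefix, "." becomes "_", "_" becomes "__".
        - name: NEO4J_dbms_connector_bolt_tls__level
          value: "REQUIRED"
        ports:
        - name: browser
          containerPort: 7474
        - name: bolt
          containerPort: 7687
        - name: https
          containerPort: 7473
        volumeMounts:
        - name: neo4j-data
          mountPath: /data
        - name: neo4j-tls
          mountPath: /ssl          # assumption: image reads neo4j.cert / neo4j.key here
      volumes:
      - name: neo4j-tls
        secret:
          secretName: neo4j-tls    # hypothetical Secret with keys neo4j.cert and neo4j.key
  volumeClaimTemplates:
  - metadata:
      name: neo4j-data
      annotations:
        volume.beta.kubernetes.io/storage-class: slow
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 50Gi
```

The certificate in the Secret has to be one the browser trusts and has to match the host name the Angular app connects to, otherwise the wss:// connection is refused during the TLS handshake.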