Bolt behind Apache reverse proxy, is it even possible?

(Marco Brandizi) #1

Hi all,

I'm having a hard time trying to publish my Neo4j server as a public HTTP endpoint. I'm familiar with Apache configuration and basic TCP/IP, but not so expert on reverse proxy configuration.

Sorry, I have to continue my message here: https://gist.github.com/marco-brandizi/6a8c0194bf19077b5ff6db3d2d752b2c, due to the 5 URL limitation in this forum.

Thanks in advance for any help.

1 Like

(M. David Allen) #2

Bolt isn't HTTP, and hence it isn't possible to proxy bolt using an HTTP proxy. HTTP is what's called a layer 7 application protocol, and the proxy is probably assuming that the data coming across the wire will be a certain way, because it's HTTP. But the data will never come that way, because it's a different layer 7 protocol (bolt, not http).

Now, you can proxy bolt -- you just can't do it via HTTP.

The docs have setup on how to do this with HAProxy, right here: https://neo4j.com/docs/operations-manual/current/ha-cluster/haproxy/#ha-haproxy-bolt

I'm not sure how to do it with Apache as a reverse proxy just because I've never tried, but if you want to give it a shot, try to proxy bolt as a TCP connection, not HTTP.

Finally -- proxying bolt will only work if what you're proxying is a single node. If you have a cluster, then Neo4j bolt+routing drivers operate in a way that might make proxying difficult. You can skip this if you're not using a cluster, but full details on that can be found here: https://medium.com/neo4j/querying-neo4j-clusters-7d6fde75b5b4

0 Likes
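
The point made in reply #2, as an added example that is not part of the original thread and is not Neo4j or Apache code: a Bolt connection opens with the 4-byte preamble `60 60 B0 17` followed by four version proposals, which is not an HTTP request line, while a layer-4 relay forwards those bytes untouched. The function names, the loopback addresses and the stand-in backend are assumptions made for this sketch.

```python
import asyncio
import struct

BOLT_MAGIC = bytes.fromhex("6060b017")  # Bolt handshake preamble
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS"}

def looks_like_http(first_bytes: bytes) -> bool:
    """An HTTP proxy expects a request line that starts with a method token."""
    return first_bytes.split(b" ", 1)[0] in HTTP_METHODS

async def pipe(reader, writer):
    """Copy bytes one way without interpreting them (TLS would pass through too)."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

def make_relay(backend_host, backend_port):
    """Layer-4 relay: one upstream TCP connection per client connection."""
    async def handle(client_r, client_w):
        up_r, up_w = await asyncio.open_connection(backend_host, backend_port)
        await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))
    return handle

async def fake_bolt_backend(reader, writer):
    """Constructed stand-in for Neo4j: accepts the first proposed version."""
    hello = await reader.readexactly(20)  # 4-byte magic + four 4-byte versions
    writer.write(hello[4:8] if hello[:4] == BOLT_MAGIC else b"\x00" * 4)
    await writer.drain()
    writer.close()

async def demo():
    backend = await asyncio.start_server(fake_bolt_backend, "127.0.0.1", 0)
    relay = await asyncio.start_server(
        make_relay("127.0.0.1", backend.sockets[0].getsockname()[1]), "127.0.0.1", 0)
    handshake = BOLT_MAGIC + struct.pack(">4I", 4, 3, 0, 0)  # constructed proposals
    r, w = await asyncio.open_connection("127.0.0.1", relay.sockets[0].getsockname()[1])
    w.write(handshake)
    await w.drain()
    reply = await r.readexactly(4)  # server's chosen version, relayed back unchanged
    w.close()
    relay.close()
    backend.close()
    return handshake, reply

def run_demo():
    return asyncio.run(demo())
```

`run_demo()` returns the handshake the client sent and the 4-byte version reply that came back through the relay; `looks_like_http(handshake)` is false, which is the mismatch an HTTP-mode proxy runs into.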

(Marco Brandizi) #3

Hi @david.allen,

Thank you very much for your reply. It seems we have Apache and it doesn't support generic TCP connections. It supports websockets though, but it seems it requires URLs beginning with ws://. If I get it well, making the Neo4j drivers able to understand that prefix could be a possible improvement on your side.

Best,
Marco.

0 Likes