Oh thanks, I thought I cancelled that post (when I got the similarity working)! Updated, cheers.
Not quite sure I understand what you're suggesting re: the browser. Until now, we've just used HTTPS for the browser and for the database connection, meaning transport-layer security so no need for db auth, with config like:
From there we've just been able to connect to https://<external-ip>:7473/ in the browser, and it all works fine. We've set up firewalls to allow traffic to 7473, and it's only using that, so originally there was no more config to do. Since 3.x we've had to check the "don't use Bolt" option in the browser, and then everything's worked OK, but now that option's not even there.
Do we now have to use Bolt? Do we have to set up db authentication as well? We only have one user, the web app server, so we have no need for multiple users, and so no need for authentication, as long as the transport is secure.
I could be misunderstanding, but it seems from what you're saying that you're using the HTTPS just to expose Bolt on 80. Does it use TLS, or is there plain data going over the wire? Does that include auth info? How do you configure TLS in Bolt if so?
Sorry, I'm struggling to find documentation (apart from boltprotocol.org which is wire-level stuff) that goes into detail about configuring this as well as the overall concepts. There's https://neo4j.com/developer/kb/how-neo4j-browser-interacts-with-neo4j-server/ but it talks about plain HTTP, and I'm talking about accessing the browser over the internet, so it needs to be HTTPS. There's also https://neo4j.com/docs/operations-manual/current/security/authentication-authorization/ but again it's just db-user-level auth, and it's enterprise only too.
Thanks for any tips!