Being very green to Neo4j I'm worried the answer to this question is obvious.
I've just started developing a Node app (accessing Neo4j) on my local machine and am now going to deploy a dev version on Digital Ocean.
I'll be running a headless Linux server and therefore will not be able to query my database using the Neo4j browser (which I believe is a bad idea anyway due to security concerns?).
My question is to ask if something like Cypher Shell is the usual way that everyone queries their db on a headless server?
I know I can disable auth in neo4j.conf to allow browser access but what about production where one wouldn't do that. Is Cypher Shell how you query in production?
Again, apologies if there's a burning bush right in front of me that I'm just not seeing.
Thanks in anticipation.
There's a lot to unpack here, but I think it boils down to three unspoken assumptions/questions:
- How to make Neo4j secure for production?
- How to connect to Neo4j to run queries? (Cypher Shell?)
- How to secure that connection?
The BOLT protocol, configured to port 7687 by default.
Whatever works for you, but using cypher-shell sounds off to me. Just make sure you've set up users, roles, and passwords.
Thanks for the input, but my apologies, I wasn't clear...
The Node API does query the db using the BOLT protocol.
My question refers to when I am debugging something and I need to randomly run queries against the db to check my data.
On my local machine I just use the Neo4j browser but since I cannot do that on the Digital Ocean server without exposing security... then what do I use to do random queries on the db?
There's a lot of ways to do that. For security, my best advice is to keep it simple, and locked down.
- Again, make sure you've got good users and roles. Change the default bolt port. Use UFW (or similar) to lock it down. Turn it on temporarily when you're accessing.
- Reverse proxy. Change the bolt port and browser port to localhost only. Then set up a reverse proxy to the browser port (
- Set up another machine as a read-only causal cluster. If you're worried about people changing data, worry no more. If you're worried about people seeing the data, put it on a local, connected to your server via VPN.
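A check for the two settings this thread turns on (auth disabled in neo4j.conf, and whether the bolt and browser ports are bound to localhost only), as an added example that is not part of the original posts. It assumes Neo4j 3.x/4.x setting names and runs over a constructed sample config; the function names are hypothetical.

```python
import ipaddress

# Constructed sample neo4j.conf (Neo4j 3.x/4.x key names), not from the thread.
SAMPLE_CONF = """\
# debugging shortcut left in place
dbms.security.auth_enabled=false
dbms.connectors.default_listen_address=0.0.0.0
dbms.connector.bolt.listen_address=:7687
dbms.connector.http.listen_address=127.0.0.1:7474
"""

DEFAULT_ADDR_KEYS = ("dbms.connectors.default_listen_address",  # 3.x name
                     "dbms.default_listen_address")             # 4.x name
CONNECTORS = {"bolt": 7687, "http": 7474}  # http serves the Neo4j browser


def parse_conf(text):
    """Parse key=value lines; comments and blanks are skipped, last value wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def is_loopback(host):
    """True for localhost and loopback IPs; unknown hostnames count as exposed."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit(text):
    """Return findings for disabled auth and connectors not bound to localhost."""
    conf = parse_conf(text)
    findings = []
    if conf.get("dbms.security.auth_enabled", "true").lower() == "false":
        findings.append("auth disabled")
    # Neo4j listens on localhost unless a default listen address is set.
    default_host = next((conf[k] for k in DEFAULT_ADDR_KEYS if k in conf), "localhost")
    for name, default_port in CONNECTORS.items():
        if conf.get(f"dbms.connector.{name}.enabled", "true").lower() == "false":
            continue
        addr = conf.get(f"dbms.connector.{name}.listen_address", f":{default_port}")
        host, sep, port = addr.rpartition(":")
        if not sep:  # value given as a bare host with no port
            host, port = port, ""
        host = host or default_host
        if not is_loopback(host):
            findings.append(f"{name} listens on {host}:{port or default_port}")
    return findings
```

Run `audit(open(path).read())` against the server's own neo4j.conf; an empty list means auth is on and both connectors are reachable only from the machine itself.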
Many thanks, much appreciated.