I cannot connect from my local machine to a remote server using the server host name and port 7474 in the browser (HTTP, not HTTPS).
I have the remote server running Debian with the following version:
Linux mem 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux
I installed Neo4j Enterprise and have the following network connector configuration which I think is set to accept connections from outside localhost:
vim /etc/neo4j/neo4j.conf
#*****************************************************************
# Network connector configuration
#*****************************************************************
# With default configuration Neo4j only accepts local connections.
# To accept non-local connections, uncomment this line:
dbms.default_listen_address=0.0.0.0
# You can also choose a specific network interface, and configure a non-default
# port for each connector, by setting their individual listen_address.
# The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or
# it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for
# individual connectors below.
dbms.default_advertised_address=0.0.0.0
# You can also choose a specific advertised hostname or IP address, and
# configure an advertised port for each connector, by setting their
# individual advertised_address.
# By default, encryption is turned off.
# To turn on encryption, an ssl policy for the connector needs to be configured
# Read more in SSL policy section in this file for how to define a SSL policy.
# Bolt connector
dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=DISABLED
#dbms.connector.bolt.listen_address=:7687
#dbms.connector.bolt.advertised_address=:7687
# HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474
#dbms.connector.http.advertised_address=:7474
# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=false
#dbms.connector.https.listen_address=:7473
#dbms.connector.https.advertised_address=:7473
# Cluster Routing Connector. Enables the opening of an additional port to allow
# for internal communication using the same security configuration as CLUSTER
#dbms.routing.enabled=false
# Customize the listen address and advertised address used for the routing connector.
#dbms.routing.listen_address=0.0.0.0:7688
#dbms.routing.advertised_address=:7688
# Number of Neo4j worker threads.
#dbms.threads.worker_count=
I then launch neo4j with:
sudo systemctl start neo4j
I can see that the addresses and ports are being listened:
sudo lsof -i -P -n
java 58622 neo4j 1182u IPv6 17299554 0t0 TCP 127.0.0.1:6362 (LISTEN)
java 58622 neo4j 1272u IPv6 17235865 0t0 TCP *:7687 (LISTEN)
java 58622 neo4j 1274u IPv6 17235870 0t0 TCP *:7474 (LISTEN)
Another check with netstat:
sudo netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1154/sshd
tcp6 0 0 127.0.0.1:6362 :::* LISTEN 58622/java
tcp6 0 0 :::7687 :::* LISTEN 58622/java
tcp6 0 0 :::7474 :::* LISTEN 58622/java
tcp6 0 0 :::22 :::* LISTEN 1154/sshd
From what I can see, neo4j is using ipv6 (tcp6) but from what I read online, this would be able to receive connections using ipv4 as well?
I note that I can ssh successfully into the remote server, but I can't access any of the ports of the network connector configuration from my local machine.
If I log into the remote server via ssh, I can test the response of the Neo4j server web interface:
ssh my_user@server_host_name
wget http://server_host_name:7474/
{
"bolt_routing" : "neo4j://server_host_name:7687",
"transaction" : "http://server_host_name7474/db/{databaseName}/tx",
"bolt_direct" : "bolt://server_host_name:7687",
"neo4j_version" : "4.2.1",
"neo4j_edition" : "enterprise"
}
However, if I try to access remotely, I get get this on Firefox:
Firefox can’t establish a connection to the server at
server_host_name:7474.
Now lets test using nc from my local machine.
Port 22 for ssh of the remote server works fine:
nc -zvw10 server_host_name 22
Connection to server_host_name 22 port [tcp/ssh] succeeded!
But port 7474 does not:
nc -zvw10 server_host_name 7474
nc: connect to server_host_name port 7474 (tcp) failed: Connection refused
I have considered this to be a firewall problem, but this is what I get from iptables inside the remote server:
sudo iptables --list-rules -v
-P INPUT ACCEPT -c 0 0
-P FORWARD ACCEPT -c 0 0
-P OUTPUT ACCEPT -c 0 0
So, I believe the following hold true:
- There are no firewall rules prohibiting the connection.
neo4jis listening on the ports defined in the configuration.
What I gather from this is that perhaps neo4j is using ipv6 instead of ipv4 (from the netstat output) and that could be a problem.
If that is the case, how do I force it to use ipv4 only?
If anyone has additional suggestions I would appreciate it because I think I've gone through all possibilities already.
Thanks for your attention.