Learner here. Goal is to setup secure neo4j DB on Synology NAS (via Docker) to be able to query and load datasets – for eg, import CSVs as graphs, then query those nodes etc.
Getting stuck at configuring and running my docker neo4j image.
First step is to setup a neo4J DB on Docker on my NAS and then ensure it's secure by blocking HTTP, setting up SSL and Bolt, etc.
Found this security checklist to follow: https://neo4j.com/docs/operations-manual/current/security/checklist/ and this doc on SSL - https://neo4j.com/docs/operations-manual/current/security/ssl-framework/
Thus far I've:
- got a neo4j enterprise license
- read ' How-To: Run Neo4j in Docker' https://neo4j.com/developer/docker-run-neo4j/
- SSH'd to my Synology NAS runtime - and create a 'neo4j:2.3-enterprise' image blocking HTTP but allowing bolt and SSL.
But it returns this error:
docker: Error response from daemon: Bind mount failed: '/var/services/homes/rise/neo4j/plugins' does not exists.
Any ideas why and how to resolve / get the image setup securely and running the DB that I can query?
...:/$ sudo docker run \ > --name nBank \ > -p7687:7687 \ > -p7473:7473 \ > -d \ > -v $HOME/neo4j/data:/data \ > -v $HOME/neo4j/logs:/logs \ > -v $HOME/neo4j/import:/var/lib/neo4j/import \ > -v $HOME/neo4j/plugins:/plugins \ > --env NEO4J_AUTH=neo4j/test \ > neo4j:enterprise 3c03e1f461d0cb28440ed160537c4c64eec96935c7215401929095231db4b215 docker: Error response from daemon: Bind mount failed: '/var/services/homes/rise/neo4j/data' does not exists.
Despite the error, when I do ' / $ sudo docker ps -a' I can see that the image is created.
:/$ sudo docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3c03e1f461d0 neo4j:enterprise "/sbin/tini -g -- /d…" About a minute ago Created 0.0.0.0:7473->7473/tcp, 0.0.0.0:7687->7687/tcp, 7474/tcp nBank
Does anyone know how to:
A) configure neo4j DB on Docker on machine to be enterprise secure so that it's only accessed by me? ... Am I on the right track here?
ie is there a docker template neo4j.config or other that I can use when launching the docker container to run my DB as securely as possible? ie closes off HTTP, only enables SSL or Bolt connections, etc? Currently I'm trying to achieve decent image setup using the -env tag on the script above.
B) run Cypher queries via CypherShell or Neo4j Browser so I can start importing data like CSVs?
Have tried to bash into the image but getting error:
:/$ docker exec -it nbank bash Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/nbank/json: dial unix /var/run/docker.sock: connect: permission denied
Thanks so much