Secure Local Grandstack with SSL? (Starter not connecting to DB)


Enjoying learning about digital security/vulnerabilities, resilience and graphs.
Qn in a nutshell: how to get Grandstack working as securely and resiliently as possible? I.e. with encryption and a local neo4j DB before transferring the local DB to the cloud or Docker on my NAS?

I'm following Will's Willow tutorials and trying to get my local neo4j DB working with SSL so that when I move to the cloud I'm across the various security issues. Will turns off encryption and uses the neo4j sandbox, which I've done in prior projects. This time I've enabled encryption because I want to get working on a real work project where security is critical and I need to ensure only authorized users can access the content and that cloud providers will not be able to see the application.

After I build, the GraphQL API and front end run at http://localhost:3000/ and http://localhost:4001/graphql

However, the api can't query the DB (running Neo4j 4.1.1) and is timing out:
"errors": [{"message": "Failed to connect to server. Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0. Caused by: Client network socket disconnected before secure TLS connection was established"

My .env file points to:

Searching the forums, it seems from this post the problem is with https as:
https://localhost:7474/ in the browser returns "ERR_SSL_PROTOCOL_ERROR" while http://localhost:7474/browser/ provides a neo4j desktop interface and allows me to login.

IIUC, how to configure SSL and get neo4j Grandstack running securely is a whole beast in itself, so I'm wondering if the best approach is to just go through the docs and figure it out or if anyone has other resources or recommendations?


PS. If you have any other recommendations, tips or vids on how to secure a Grandstack app so that the cloud provider can't see / tamper with any info (because you have sensitive data like financial transactions), please feel free to share. Thanks!


I haven't gone through all of @william.lyon's videos but I thought I recall him possibly using SSL at one point with one of his projects (I could be wrong). I haven't had a chance to turn on SSL myself yet. Depending on what you are trying to do though, I am working on a guide to deploy a GRANDstack application on a Raspberry Pi. Again, I haven't gotten to the part of using SSL, but when I do I can let you know. I'm assuming you might get there before me though.
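
An offline check for the "compatible encryption settings both on Neo4j server and driver" condition named in the error quoted in the question, as an added example that is not part of this thread or of the GRANDstack starter's code. It compares the Neo4j 4.x driver URI scheme with the Bolt TLS settings in `neo4j.conf`; the sample config and the function names are constructed for illustration, and the driver's `encrypted` option is not modelled.

```javascript
// Added example: consistency check only, no connection is made.
// Keys are Neo4j 4.x neo4j.conf settings; the sample config is constructed.
const SAMPLE_CONF = `
# constructed sample: Bolt TLS left at the 4.x default (DISABLED)
dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=REQUIRED
dbms.ssl.policy.bolt.enabled=false
`;

// Parse key=value lines, skipping blanks and # comments.
function parseConf(text) {
  const conf = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return conf;
}

// What the 4.x driver does for each URI scheme:
// plain = no TLS, +s = TLS with CA verification, +ssc = TLS accepting self-signed.
const SCHEMES = {
  'bolt': { tls: false }, 'neo4j': { tls: false },
  'bolt+s': { tls: true, verify: true }, 'neo4j+s': { tls: true, verify: true },
  'bolt+ssc': { tls: true, verify: false }, 'neo4j+ssc': { tls: true, verify: false },
};

function checkBoltEncryption(driverUri, confText, certIsSelfSigned = false) {
  const scheme = driverUri.split('://')[0].toLowerCase();
  const driver = SCHEMES[scheme];
  if (!driver) return { ok: false, reason: `unknown URI scheme: ${scheme}` };
  const conf = parseConf(confText);
  const level = (conf['dbms.connector.bolt.tls_level'] || 'DISABLED').toUpperCase();
  const policyOn = conf['dbms.ssl.policy.bolt.enabled'] === 'true';
  if (level !== 'DISABLED' && !policyOn)
    return { ok: false, reason: 'tls_level set but bolt SSL policy is not enabled' };
  if (driver.tls && level === 'DISABLED')
    return { ok: false, reason: 'driver wants TLS, Bolt connector is plaintext' };
  if (!driver.tls && level === 'REQUIRED')
    return { ok: false, reason: 'server requires TLS, driver is plaintext' };
  if (driver.tls && driver.verify && certIsSelfSigned)
    return { ok: false, reason: 'self-signed cert fails verification; use +ssc or a trusted CA' };
  return { ok: true, reason: driver.tls ? 'encrypted' : 'plaintext' };
}
```

`checkBoltEncryption('bolt+s://localhost:7687', SAMPLE_CONF)` reports the driver-wants-TLS mismatch, which is the combination that produces a failed TLS handshake against a plaintext Bolt connector.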