Troubleshooting: Multitude of browser errors, port 80 and AWS issues

Hey all,

I've set up a Community Edition AWS instance, version 4.3 (also it's Ubuntu), and I have been having issues with it ever since, with AWS support being unable to help me further.

I've set up the security tables to allow port traffic like so

It runs on a VPC, which has the route table as such:

I am able to ping the instance, so certainly can access it. I can also ssh into said instance as well via PuTTY. I can also curl the instance with port 7474. I also confirm the firewall is off too, both on my computer's end for port 80, and also on the instance I confirm the firewall is down:

sudo ufw status
Status: inactive

From this set-up I got a URL sorted, connected it to my instance (along with an elastic IP I had assigned previously) and can now access the browser page at https://{url_here}/7473. My browser is Brave, which is an altered version of Chrome. (I've tested all problems on Chrome and Firefox too, same results). But this is where the problems begin.

I try to connect to a blank, dummy database. {my_ip_address}:7687 connections seem to fail with a

Neo.ClientError.Security.Unauthorized: The client is unauthorized due to authentication failure.

on both normal and bolt. The connections {my_ip_address}/7473 and {my_ip_address}/7474 fail with this error:

ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Pl...

This comes with the console log saying that the web socket has failed to connect.

To solve this I first tried to allow all 'Not secure' connections on the browser as default, but nothing changed. I then confirmed that my neo4j.conf was allowing me to access the browser. You can find my settings I set after researching previous posts here:

Under the black ink is the IP address of the instance.

I then look for another solution. I find the tutorial on setting up an SSL I found here: Getting Certificates for Neo4j with LetsEncrypt | by David Allen | Neo4j Developer Blog | Medium. I download certbot successfully but end up with an error when running the command:

certbot certonly

I have a Windows 10 machine and installed certbot on both my laptop and the AWS instance. I ran this command on cmd with administrator privileges. I chose option 1 then gave my URL. The failure was due to a port 80 problem, as seen below (URL under the white):

Again, my security group has 80 open. My curl works from my computer to the instance for 7474 and I'm able to ping it. My firewall is down as I can curl google.com through port 80 too. So I run some checks on my virtual machine by running the following lines:

  • nc localhost 7687 -> failed (doesn't hang)
  • nc localhost 80 -> failed (doesn't hang)
  • nc localhost 7474 -> success (it hangs)
  • nc localhost 7473 -> success (it hangs)

I am at a loss of what to do. Looking for opening port 80 leads to people saying check firewall, VPC, and security group, but I've done all that already. Neo4j is also not responding to changes to the conf, which confuses me too. I always restart neo4j after any change, and have been changing both versions of neo4j.conf I found on the instance:

./etc/neo4j/neo4j.conf 
./var/lib/neo4j/conf/neo4j.conf

Can anyone help on any of these problems? Thanks in advance.

You need to run certbot and follow the steps from the blog post there. Not on your Windows machine.

Also make sure that your neo4j server on your AWS instance listens to the public IP; there is a config setting for listen_address that you might need to uncomment.
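
An added example, not part of the reply above: a check for the listen_address point that parses a neo4j.conf and reports which connectors are bound to loopback only. It assumes the Neo4j 4.x setting names and defaults (dbms.default_listen_address, dbms.connector.<name>.enabled, dbms.connector.<name>.listen_address); the sample file is constructed.

```python
import ipaddress

# Assumption: Neo4j 4.x connector ports and enabled-by-default values.
DEFAULT_PORTS = {"bolt": 7687, "http": 7474, "https": 7473}
DEFAULT_ENABLED = {"bolt": "true", "http": "true", "https": "false"}

def parse_conf(text):
    """Return active key=value settings; commented-out lines are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def is_loopback(host):
    host = host.strip("[]")  # allow bracketed IPv6 such as [::1]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"  # other hostnames: unknown without DNS

def effective_listeners(text):
    """Map connector name -> (host, port, reachable_from_network)."""
    s = parse_conf(text)
    default_host = s.get("dbms.default_listen_address", "localhost")
    result = {}
    for name, port in DEFAULT_PORTS.items():
        enabled = s.get(f"dbms.connector.{name}.enabled", DEFAULT_ENABLED[name])
        if enabled.lower() != "true":
            continue
        addr = s.get(f"dbms.connector.{name}.listen_address", f":{port}")
        host, _, p = addr.rpartition(":")
        host = host or default_host  # ":7687" inherits the default host
        result[name] = (host, int(p or port), not is_loopback(host))
    return result

# Constructed sample: the listen line is still commented out.
SAMPLE = """\
#dbms.default_listen_address=0.0.0.0
dbms.connector.bolt.enabled=true
dbms.connector.http.enabled=true
dbms.connector.https.enabled=true
"""

if __name__ == "__main__":
    for name, (host, port, public) in effective_listeners(SAMPLE).items():
        print(f"{name:5} {host}:{port} {'network' if public else 'loopback only'}")
```

With the host firewall inactive, as in the question, binding to 0.0.0.0 leaves the security group and network ACLs as the filters in front of those ports.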

Thanks for the reply Michael and thanks for your help!

The solution was running certbot on the AWS instance machine, I had misunderstood as I was still running it on the Windows machine!

I was editing the /etc/neo4j/neo4j.conf, and /etc/neo4j/neo4j.template as this is the actual conf file for AWS, to allow the listener through. But yes, the prior issue was the root cause. You've just ended a week of struggles, so thank you!
