are implying. the conf file here it is
#*****************************************************************
Neo4j configuration
For more details and a complete list of settings, please see
#*****************************************************************
The name of the default database
#dbms.default_database=neo4j
Paths of directories in the installation.
dbms.directories.data=data
dbms.directories.plugins=/usr/local/Cellar/neo4j/4.1.1/libexec/plugins
dbms.directories.logs=logs
#dbms.directories.lib=lib
#dbms.directories.run=run
#dbms.directories.transaction.logs.root=data/transactions
This setting constrains all LOAD CSV import files to be under the import directory. Remove or comment it out to
allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
LOAD CSV section of the manual for details.
dbms.directories.import=import
Whether requests to Neo4j are authenticated.
To disable authentication, uncomment this line
dbms.security.auth_enabled=false
Enable this to be able to upgrade a store from an older version.
#dbms.allow_upgrade=true
#********************************************************************
Memory Settings
#********************************************************************
Memory settings are specified kilobytes with the 'k' suffix, megabytes with
'm' and gigabytes with 'g'.
If Neo4j is running on a dedicated server, then it is generally recommended
to leave about 2-4 gigabytes for the operating system, give the JVM enough
heap to hold all your transaction state and query context, and then leave the
rest for the page cache.
Java Heap Size: by default the Java heap size is dynamically calculated based
on available system resources. Uncomment these lines to set specific initial
and maximum heap size.
#dbms.memory.heap.initial_size=512m
#dbms.memory.heap.max_size=512m
The amount of memory to use for mapping the store files.
The default page cache memory assumes the machine is dedicated to running
Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.
#dbms.memory.pagecache.size=10g
Limit the amount of memory that all of the running transaction can consume.
By default there is no limit.
#dbms.memory.transaction.global_max_size=256m
Limit the amount of memory that a single transaction can consume.
By default there is no limit.
#dbms.memory.transaction.max_size=16m
Transaction state location. It is recommended to use ON_HEAP.
dbms.tx_state.memory_allocation=ON_HEAP
#*****************************************************************
Network connector configuration
#*****************************************************************
With default configuration Neo4j only accepts local connections.
To accept non-local connections, uncomment this line:
#dbms.default_listen_address=0.0.0.0
You can also choose a specific network interface, and configure a non-default
port for each connector, by setting their individual listen_address.
The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or
it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for
individual connectors below.
#dbms.default_advertised_address=localhost
You can also choose a specific advertised hostname or IP address, and
configure an advertised port for each connector, by setting their
individual advertised_address.
By default, encryption is turned off.
To turn on encryption, an ssl policy for the connector needs to be configured
Read more in SSL policy section in this file for how to define a SSL policy.
Bolt connector
dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=DISABLED
#dbms.connector.bolt.listen_address=:7687
HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474
HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=false
#dbms.connector.https.listen_address=:7473
Number of Neo4j worker threads.
#dbms.threads.worker_count=
#*****************************************************************
SSL policy configuration
#*****************************************************************
Each policy is configured under a separate namespace, e.g.
dbms.ssl.policy..*
can be any of 'bolt', 'https', 'cluster' or 'backup'
The scope is the name of the component where the policy will be used
Each component where the use of an ssl policy is desired needs to declare at least one setting of the policy.
Allowable values are 'bolt', 'https', 'cluster' or 'backup'.
E.g if bolt and https connectors should use the same policy, the following could be declared
dbms.ssl.policy.bolt.base_directory=certificates/default
dbms.ssl.policy.https.base_directory=certificates/default
However, it's strongly encouraged to not use the same key pair for multiple scopes.
N.B: Note that a connector must be configured to support/require
SSL/TLS for the policy to actually be utilized.
see: dbms.connector.*.tls_level
SSL settings (dbms.ssl.policy..*)
.base_directory Base directory for SSL policies paths. All relative paths within the
SSL configuration will be resolved from the base dir.
.private_key A path to the key file relative to the '.base_directory'.
.private_key_password The password for the private key.
.public_certificate A path to the public certificate file relative to the '.base_directory'.
.trusted_dir A path to a directory containing trusted certificates.
.revoked_dir Path to the directory with Certificate Revocation Lists (CRLs).
.verify_hostname If true, the server will verify the hostname that the client uses to connect with. In order
for this to work, the server public certificate must have a valid CN and/or matching
Subject Alternative Names.
.client_auth How the client should be authorized. Possible values are: 'none', 'optional', 'require'.
.tls_versions A comma-separated list of allowed TLS versions. By default only TLSv1.2 is allowed.
.trust_all Setting this to 'true' will ignore the trust truststore, trusting all clients and servers.
Use of this mode is discouraged. It would offer encryption but no security.
.ciphers A comma-separated list of allowed ciphers. The default ciphers are the defaults of
the JVM platform.
Bolt SSL configuration
#dbms.ssl.policy.bolt.enabled=true
#dbms.ssl.policy.bolt.base_directory=certificates/bolt
#dbms.ssl.policy.bolt.private_key=private.key
#dbms.ssl.policy.bolt.public_certificate=public.crt
#dbms.ssl.policy.bolt.client_auth=NONE
Https SSL configuration
#dbms.ssl.policy.https.enabled=true
#dbms.ssl.policy.https.base_directory=certificates/https
#dbms.ssl.policy.https.private_key=private.key
#dbms.ssl.policy.https.public_certificate=public.crt
#dbms.ssl.policy.https.client_auth=NONE
Cluster SSL configuration
#dbms.ssl.policy.cluster.enabled=true
#dbms.ssl.policy.cluster.base_directory=certificates/cluster
#dbms.ssl.policy.cluster.private_key=private.key
#dbms.ssl.policy.cluster.public_certificate=public.crt
Backup SSL configuration
#dbms.ssl.policy.backup.enabled=true
#dbms.ssl.policy.backup.base_directory=certificates/backup
#dbms.ssl.policy.backup.private_key=private.key
#dbms.ssl.policy.backup.public_certificate=public.crt
#*****************************************************************
Logging configuration
#*****************************************************************
To enable HTTP logging, uncomment this line
#dbms.logs.http.enabled=true
Number of HTTP logs to keep.
#dbms.logs.http.rotation.keep_number=5
Size of each HTTP log that is kept.
#dbms.logs.http.rotation.size=20m
To enable GC Logging, uncomment this line
#dbms.logs.gc.enabled=true
GC Logging Options
#dbms.logs.gc.options=-Xlog:gc*,safepoint,age*=trace
Number of GC logs to keep.
#dbms.logs.gc.rotation.keep_number=5
Size of each GC log that is kept.
#dbms.logs.gc.rotation.size=20m
Log level for the debug log. One of DEBUG, INFO, WARN and ERROR. Be aware that logging at DEBUG level can be very verbose.
#dbms.logs.debug.level=INFO
Size threshold for rotation of the debug log. If set to zero then no rotation will occur. Accepts a binary suffix "k",
"m" or "g".
#dbms.logs.debug.rotation.size=20m
Maximum number of history files for the internal log.
#dbms.logs.debug.rotation.keep_number=7
#*****************************************************************
Miscellaneous configuration
#*****************************************************************
Enable this to specify a parser other than the default one.
#cypher.default_language_version=3.5
Determines if Cypher will allow using file URLs when loading data using
LOAD CSV. Setting this value to false will cause Neo4j to fail LOAD CSV
clauses that load data from the file system.
dbms.security.allow_csv_import_from_file_urls=true
Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS
connector. This defaults to '*', which allows broadest compatibility. Note
that any URI provided here limits HTTP/HTTPS access to that URI only.
#dbms.security.http_access_control_allow_origin=*
Value of the HTTP Strict-Transport-Security (HSTS) response header. This header
tells browsers that a webpage should only be accessed using HTTPS instead of HTTP.
It is attached to every HTTPS response. Setting is not set by default so
'Strict-Transport-Security' header is not sent. Value is expected to contain
directives like 'max-age', 'includeSubDomains' and 'preload'.
#dbms.security.http_strict_transport_security=
Retention policy for transaction logs needed to perform recovery and backups.
dbms.tx_log.rotation.retention_policy=1 days
Only allow read operations from this Neo4j instance. This mode still requires
write access to the directory for lock purposes.
#dbms.read_only=false
Comma separated list of JAX-RS packages containing JAX-RS resources, one
package name for each mountpoint. The listed package names will be loaded
under the mountpoints specified. Uncomment this line to mount the
org.neo4j.examples.server.unmanaged.HelloWorldResource.java from
neo4j-server-examples under /examples/unmanaged, resulting in a final URL of
#dbms.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged
A comma separated list of procedures and user defined functions that are allowed
full access to the database through unsupported/insecure internal APIs.
dbms.security.procedures.unrestricted=my.extensions.example,my.procedures.,apoc.,gds.*
A comma separated list of procedures to be loaded by default.
Leaving this unconfigured will load all procedures found.
dbms.security.procedures.whitelist=apoc.coll.,apoc.load.,apoc.,gds.
apoc.import.file.enabled=true
apoc.import.file.use_neo4j_config=true
apoc.export.file.enabled=true
#********************************************************************
JVM Parameters
#********************************************************************
G1GC generally strikes a good balance between throughput and tail
latency, without too much tuning.
dbms.jvm.additional=-XX:+UseG1GC
Have common exceptions keep producing stack traces, so they can be
debugged regardless of how often logs are rotated.
dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow
Make sure that initmemory is not only allocated, but committed to
the process, before starting the database. This reduces memory
fragmentation, increasing the effectiveness of transparent huge
pages. It also reduces the possibility of seeing performance drop
due to heap-growing GC events, where a decrease in available page
cache leads to an increase in mean IO response time.
Try reducing the heap memory, if this flag degrades performance.
dbms.jvm.additional=-XX:+AlwaysPreTouch
Trust that non-static final fields are really final.
This allows more optimizations and improves overall performance.
NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or
serialization to change the value of final fields!
dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions
dbms.jvm.additional=-XX:+TrustFinalNonStaticFields
Disable explicit garbage collection, which is occasionally invoked by the JDK itself.
dbms.jvm.additional=-XX:+DisableExplicitGC
#Increase maximum number of nested calls that are can be inlined from 9 (default) to 15
dbms.jvm.additional=-XX:MaxInlineLevel=15
Restrict size of cached JDK buffers to 256 KB
dbms.jvm.additional=-Djdk.nio.maxCachedBufferSize=262144
More efficient buffer allocation in Netty by allowing direct no cleaner buffers.
dbms.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true
Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors.
dbms.jvm.additional=-XX:+ExitOnOutOfMemoryError
Remote JMX monitoring, uncomment and adjust the following lines as needed. Absolute paths to jmx.access and
jmx.password files are required.
Also make sure to update the jmx.access and jmx.password files with appropriate permission roles and passwords,
the shipped configuration contains only a read only role called 'monitor' with password 'Neo4j'.
On Unix based systems the jmx.password file needs to be owned by the user that will run the server,
and have permissions set to 0600.
For details on setting these file permissions on Windows see:
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.port=3637
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.authenticate=true
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.ssl=false
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.password.file=/absolute/path/to/conf/jmx.password
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.access.file=/absolute/path/to/conf/jmx.access
Some systems cannot discover host name automatically, and need this line configured:
#dbms.jvm.additional=-Djava.rmi.server.hostname=$THE_NEO4J_SERVER_HOSTNAME
Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes.
This is to protect the server from any potential passive eavesdropping.
dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
This mitigates a DDoS vector.
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
Enable remote debugging
#dbms.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005
This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities.
By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library.
These defaults should only be modified by expert users!
#dbms.jvm.additional=-Djdk.serialFilter=java.;org.neo4j.;com.neo4j.;com.hazelcast.;net.sf.ehcache.Element;com.sun.proxy.;org.openjdk.jmh.**;!
Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling.
dbms.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256
Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results.
dbms.jvm.additional=-XX:+UnlockDiagnosticVMOptions
dbms.jvm.additional=-XX:+DebugNonSafepoints
#********************************************************************
Wrapper Windows NT/2000/XP Service Properties
#********************************************************************
WARNING - Do not modify any of these properties when an application
using this configuration file has been installed as a service.
Please uninstall the service before modifying this section. The
service can then be reinstalled.
Name of the service
dbms.windows_service_name=neo4j
#********************************************************************
Other Neo4j system properties
#********************************************************************
wrapper.java.additional=-Djava.awt.headless=true
wrapper.java.additional.4=-Dneo4j.ext.udc.source=homebrew
dbms.directories.data=/usr/local/var/neo4j/data
dbms.directories.logs=/usr/local/var/log/neo4j
