Web access for Bolt service [Neo4j 5.26.2]

I have deployed Neo4j on an OpenShift cluster. I have an Istio gateway and VirtualService to expose my services. Also, we have a TLS certificate as Istio gateway. We are able to access the services exposed using the VirtualService via the Istio gateway. We are even able to access the Neo4j Browser. We have also done the relevant settings:

server.bolt.enabled=true
server.bolt.tls_level=ENABLED
server.bolt.listen_address=:7687
server.bolt.advertised_address=:7687

# HTTP Connector. There can be zero or one HTTP connectors.
server.http.enabled=true
server.http.listen_address=:7474
server.http.advertised_address=:7474

# Bolt SSL configuration

dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE

But whenever I try to access bolt+s using the Bolt service route [password and username are correct], we are getting this error:

ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState is: 3

Please suggest any leads for the issue.

Regards

It is possible that 7687 is the "local" port and you've not mapped any of the infrastructure to reach from the client.

You can do a test from the shell:

curl -u neo4j:your_password \
  -H "Content-Type: application/json" \
  -X POST http://localhost:7687/db/neo4j/tx/commit \
  -d '{
    "statements": [
      {
        "statement": "MATCH (n) RETURN count(n) AS total"
      }
    ]
  }'

Or install cypher-shell:

Yes, port forward is working for a development cluster. But production is a restricted environment and port forward doesn't work there. It is needed for display purposes.

Then you need to reconfigure your Neo4j database ...

As a client you connect to [port:gateway]; the gateway needs to map to a port that is reachable on the database:

[client] -----> [port:gateway] ----> [port:neo4J]

Example:

  • you have server.bolt.listen_address=:5678
  • your gateway server maps its local 4321 to the Neo4j server's 5678:
[client] -----> [4321:gateway] ----> [5678:neo4J]
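
Added example, not posted by anyone in this thread: a Python probe that walks the [client] → [port:gateway] → [port:neo4J] chain and reports which hop fails first (TCP connect, TLS handshake and certificate trust, or the Bolt version handshake). The host name and port are placeholders, and the probe speaks raw Bolt over TLS as a bolt+s driver does, not the WebSocket upgrade that Neo4j Browser uses.

```python
import socket
import ssl

BOLT_MAGIC = bytes.fromhex("6060b017")  # Bolt handshake preamble


def build_handshake(proposals=((5, 8, 8), (4, 4, 2))):
    """Magic plus four 4-byte proposals: 00, range, minor, major (zero padded)."""
    slots = [bytes([0, rng, minor, major]) for major, minor, rng in proposals]
    slots += [b"\x00" * 4] * (4 - len(slots))
    return BOLT_MAGIC + b"".join(slots[:4])


def parse_reply(reply):
    """Classify the 4 bytes the peer sends back after the handshake."""
    if len(reply) < 4:
        return ("closed", None)             # peer hung up without answering
    if reply[:4] == b"HTTP":
        return ("http", None)               # an HTTP listener answered, not Bolt
    if reply[:4] == b"\x00" * 4:
        return ("no_common_version", None)  # Bolt, but no proposal accepted
    return ("bolt", (reply[3], reply[2]))   # agreed (major, minor)


def probe(host, port, tls=True, cafile=None, timeout=5.0):
    """Return (stage, detail): the first hop that fails, or the agreed version."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))
    try:
        if tls:
            ctx = ssl.create_default_context(cafile=cafile)  # verifies the chain
            try:
                sock = ctx.wrap_socket(sock, server_hostname=host)  # sends SNI
            except (ssl.SSLError, OSError) as exc:
                return ("tls_failed", str(exc))
        sock.sendall(build_handshake())
        reply = b""
        while len(reply) < 4:
            chunk = sock.recv(4 - len(reply))
            if not chunk:
                break
            reply += chunk
        return parse_reply(reply)
    except OSError as exc:
        return ("bolt_failed", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    print(probe("neo4j-bolt.example.internal", 443))  # placeholder host and port
```

A `tls_failed` result with a certificate error points at the same trust problem the browser hides behind "WebSocket readyState is: 3"; `http` or `closed` means the gateway port is not mapped through to the Bolt listener.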