neo4j webinterface behind nginx reverse proxy

Question

I'm trying to expose a neo4j database to the internet.

For security reasons, I'd like to hide it behind a SSL/basic_auth combination via nginx. Here is the corresponding nginx config:

  location /neo4j/ {
            proxy_pass https://localhost:7473/;
            proxy_read_timeout 600;

            proxy_set_header    X-Real-IP         $remote_addr;
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header    X_FORWARDED_PROTO https;
            proxy_set_header    Host              $http_host;
            proxy_buffering     off;
            proxy_redirect      off;
            auth_basic           "restricted";
            auth_basic_user_file /etc/nginx/auth/htpasswd;
            proxy_headers_hash_max_size 1024;
            proxy_headers_hash_bucket_size 128;
            proxy_ssl_session_reuse off;
            rewrite /neo4j/(.*) /$1 break;
    }

While I'm able to access https://example.com/neo4j/browser, the webinterface tells me, that it can't connect to the neo4j and my webbrowser's console gets filled up with OPTIONS https://example.com/db/data 405(Not allowed)

I also tried the neo4j built in https server in conjunction with the authentication extension (https://github.com/neo4j-contrib/authentication-extension). With this option, I also can access the webinterface.

But the interface also displays, that it's not able to connect to the neo4j and the webbrowser's console gets filled up with OPTIONS http://example.com:7473/db/data/ net::ERR_EMPTY_RESPONSE and the hint The page at 'https://example.com:7473/browser/' was loaded over HTTPS, but displayed insecure content from 'http://example.com:7473/db/data/': this content should also be loaded over HTTPS.

Does anyone know, how to get it working? Many thanks in advance!

Answer 1

I came across the same problem and it's kind of weird the lack of info about Nginx as a webserver combined with neo4j. It's odd the only reference to a reverse proxy in the official doc is Apache - not impressed.

Just FYI I'm using a dockerised neo4j (https://github.com/neo4j/docker-neo4j/tree/master/2.3.2) as it comes by default (in case you want to know other settings). It should not matter if you run neo4j natively outside docker. The following Nginx conf will be the same.

location /neo4j/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_buffering off;
            proxy_pass http://YOUR-IP:7474/browser/;
 }

 location /db/data/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_buffering off;
                proxy_pass http://YOUR-IP:7474/db/data/;
}

Replace YOUR-IP by yours and change 7474 for 7473 if you are using HTTPS instead of HTTP.

This worked for me.