Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why Neo4J docker authentication doesn't work

I want to run a Neo4J instance through docker using a docker-compose.

docker-compose.yml

version: '3'
services:
  neo4j:
    container_name: neo4j-lab
    image: neo4j:latest
    environment:
      - NEO4J_dbms_memory_pagecache_size=2G
      - NEO4J_dbms_memory_heap_maxSize=4G
      - NEO4J_dbms_memory_heap_initialSize=512M
      - NEO4J_AUTH=neo4j/changeme
    ports:
      - 7474:7474
      - 7687:7687
    volumes:
      - neo4j_data:/data
      - neo4j_conf:/conf
      - ./import:/import
volumes:
  neo4j_data:
  neo4j_conf:

Running the following with docker-compose up is perfectly fine, and I can reach the login screen.

But when I set the credentials, I get the following error on my container logs : Neo.ClientError.Security.Unauthorized The client is unauthorized due to authentication failure. whereas I am sure that I fill with right credentials (the ones used in my docker-compose file)

Furthermore,

  • when I set NEO4J_AUTH to none, then no credentials have been asked.

  • when I set it to neo4j/neo4j it said that I can't use the default password

According the documentation, this is perfectly fine :

By default Neo4j requires authentication and requires you to login with neo4j/neo4j at the first connection and set a new password. You can set the password for the Docker container directly by specifying --env NEO4J_AUTH=neo4j/password in your run directive. Alternatively, you can disable authentication by specifying --env NEO4J_AUTH=none instead.

Do you have any idea of what's going on ?

Hope you could help me to solve this !

EDIT

Docker logs output :

neo4j-lab | 2019-03-13 23:02:32.378+0000 INFO  Starting...
neo4j-lab | 2019-03-13 23:02:37.796+0000 INFO  Bolt enabled on 0.0.0.0:7687.
neo4j-lab | 2019-03-13 23:02:41.102+0000 INFO  Started.
neo4j-lab | 2019-03-13 23:02:43.935+0000 INFO  Remote interface available at http://localhost:7474/
neo4j-lab | 2019-03-13 23:02:56.105+0000 WARN  The client is unauthorized due to authentication failure.

EDIT 2 :

It seems that deleting the volume associated first works. The password is now changed.

However, if I docker-compose down then docker-compose up whereas I change the password in my docker-compose file then the issue reappears.

So I think that when we change the password through docker-compose more than once while a volume exists, we need to remove the auth file presents in the volumes.

To do that :

docker volume inspect <volume_name>

You should get something like that :

[
    {
        "CreatedAt": "2019-03-14T11:17:08+01:00",
        "Driver": "local",
        "Labels": {
            "com.docker.compose.project": "neo4j",
            "com.docker.compose.volume": "neo4j_data"
        },
        "Mountpoint": "/data/docker/volumes/neo4j_neo4j_data/_data",
        "Name": "neo4j_neo4j_data",
        "Options": null,
        "Scope": "local"
    }
]

This is obviously different if you named your container and your volumes not like me (neo4j, neo4j_data).

The important part is the Mountpoint which locates the volume.

In this volume, you can delete the auth file which is in dbms directory.

Then restart your docker and everything should be fine.

like image 610
Dralucas Avatar asked Mar 13 '19 22:03

Dralucas


People also ask

How do I run Neo4j in a docker container?

Run Docker with Neo4j Retrieving and running Neo4j within a Docker container using one of the provided images requires a few steps. We will need to execute the docker run command with the neo4j image and specify any options or versions we want along with that. Let us take a look at a few options available with the docker run command.

How do I run Neo4j as a non-root user?

Another way is to run Neo4j as a non-root user by altering the docker run command with a different option. Instead of the --env, we can use the --user option and pass in the user’s id and group for access. We can see an example of this below, where it passes in the current user and group as the authentication.

What is testneo4j in Docker?

The docker run command creates and starts a container. On the next line, --name testneo4j defines the name we want to use for the container as testneo4j . This avoids us having to reference the container by its generic id, making our container easier to reference and to remember.

What is the default password for the Neo4j Server?

But then I remembered that when I started the neo4j server earlier, I had navigated to http://localhost:7474 from the browser and signed in using the default credentials username=neo4j and password=neo4j, which then prompted me to create a new password before I could proceed.


2 Answers

Neo4j docker developer here.

The reason this is happening is that the NEO4J_AUTH environment variable doesn't set the database password, it sets the INITIAL password only.

If you're mounting a data volume with an existing database inside, then NEO4J_AUTH has no effect because that database already has a password. It sounds like that's what you're experiencing here.

The documentation around this feature was not great and I've updated it! See: Neo4j docker authentication documentation

like image 59
jenny Avatar answered Oct 22 '22 12:10

jenny


define Neo4j password with docker-compose

neo4j:
   image: 'neo4j:4.1'
   environment:
      NEO4J_AUTH: 'neo4j/your_password'
   ports:
      - "7474:7474"
   volumes:
      ...
like image 3
Armel Drey Avatar answered Oct 22 '22 11:10

Armel Drey