This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

How do I use the browser using ssh tunnel?

henry
Node Link

‎09-21-2018 01:35 PM

I set up an ssh tunnel to access the cluster inside an AWS VPC. I point my browser at localhost:7474/browser and log in using the correct creds but it's giving a service unavailable error. I can curl to the cluster using the same creds with no problem. What could be the issue?

ssh -N -L 7474:clusternodeip:7474 user@myec2instance -i mypemfile

0 Kudos
Reply
7 REPLIES 7

tom_geudens
Neo4j
Neo4j

‎09-21-2018 09:26 PM

Hello Henry,
You not only need the http port, you also need to tunnel out the bolt port (7687). Add that and it should work.

Let me know if it does (or still doesn't).

Regards,
Tom

Reply

henry
Node Link
In response to tom_geudens

‎09-24-2018 02:49 PM

Thanks Tom. I was able to connect using the browser however, I had to use the public ip of the cluster node. Why does the public ip work and not the private ip? The cluster nodes do not have outside vpc access. I'm a little confused with this. How can I make the browser connect to the host using its private ip? In my ssh tunnel command, I'm using the private ip of the cluster node.

ssh -N -L 7474:clusternodePrivateip:7474 -L 7687:clusternodePrivateip:7687 user@myec2instance -i mypemfile

Below is the conf of the cluster node.

dbms.connectors.default_listen_address=0.0.0.0
dbms.connectors.default_advertised_address=[private ip]

dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=OPTIONAL
#dbms.connector.bolt.listen_address=:7687

dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474

dbms.connector.https.enabled=true
#dbms.connector.https.listen_address=:7473

0 Kudos
Reply

tom_geudens
Neo4j
Neo4j
In response to henry

‎09-24-2018 09:02 PM

Greetings Henry,

Lets establish facts here ... you say you can connect to the public ip with a browser (firefox, chrome, whatever), correct ? Well, if that works, I guarantee you that's because there are two ports exposed on the public ip, 7474 and 7687. That's easily confirmed too, just

nmap -p 7474 <public ip>
nmap -p 7687 <public ip>

and both ports will show they are open.

Next you claim that you can browse to the instance when you tunnel out port 7474 from the private ip, but you can not connect. Is that the correct situation ? Again, easily confirmed, because after your ssh command you check this

nmap -p 7474 localhost
nmap -p 7687 localhost

and you'll see that the second port is not open.

If the above is the situation (and that's what I understand from your initial request), this will solve your problem :
ssh -N -L 7474:clusternodeip:7474 -L 7687:clusternodeip:7687 user@myec2instance -i mypemfile

You can actually see the browser needs both ports. The browser-url is obviously to 7474, the connection itself however, requires you to specify the bolt-url.

Does that make sense ?

Regards,
Tom

Reply

henry
Node Link
In response to tom_geudens

‎09-25-2018 02:03 PM

Hi Tom,

I did include ports 7474 & 7687 in the ssh tunnel command, I just forgot to list it in my previous post (I updated it now). The nmap shows:

Cluster Node (inside a vpc, no public access)

nmap -p 7474 <public ip>  
nmap -p 7687 <public ip>

Both shows host down which makes sense since the server shouldn't have public access

nmap -p 7474 <private ip>
nmap -p 7687 <private ip>

Both shows port is open

My laptop

nmap -p 7474 localhost
nmap -p 7687 localhost

Both shows port is open

When connecting to http://localhost:7474/browser on my laptop, I can connect successfully if I use the public ip of the cluster node but I get an error if I use the private ip. How can I connect using the private ip?

2X_8_8b50cc3a92f435c7e66735ade92557dd0c0619a3.png
2X_b_b251beb7adf800e40e5660e05d4217fce2111e89.png

0 Kudos
Reply

tom_geudens
Neo4j
Neo4j
In response to henry

‎09-25-2018 10:13 PM

It's a bit strange ... but shouldn't that bolt-connection to the private ip read : bolt://localhost:7687 ? Obviously 172.31.10.226 (your private ip) ... is not reachable as such ...

You're also not browsing to 172.31.10.226:7474 but to http://localhost:7474, right ?

Regards,
Tom

0 Kudos
Reply

henry
Node Link
In response to tom_geudens

‎10-01-2018 04:03 PM

@tom.geudens Correct. I'm browsing to http://localhost:7474. But If I put Host to bolt://localhost:7687 I get a websocket connection error.

2X_8_8a2d06f44f211917cf83c6744012dff12e72f82f.png

0 Kudos
Reply

henry
Node Link
In response to henry

‎10-08-2018 05:46 PM

Just an update. After bouncing the cluster core nodes, I was able to use bolt://localhost:7687 in the browser.

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays