Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.
04-14-2020 09:30 PM
Hi all. I am developing a Django app based on neo4j hosted in Digital Ocean - Ubuntu Server 18.04.
Below are the two commands I ran.
docker run --rm \
--volume=$HOME/neo4j/conf:/conf \
neo4j:3.5.14 dump-config
docker run -d --name ci6299neo4j --publish=7474:7474 --publish=7687:7687 --publish=7473:7473 --volume=$HOME/neo4j/data:/data --volume=$HOME/neo4j/logs:/logs --volume=$HOME/neo4j/conf:/conf --volume=$HOME/neo4j/import:/import --volume=$HOME/neo4j/plugins:/plugins --env NEO4J_dbms_memory_pagecache_size=4G --env NEO4J_AUTH=neo4j/root neo4j:3.5.14
I had some bad experience of being hacked. One of the loopholes I suspected was neo4j browser access. I have resolved the other suspect which was using SSH keys.
My plan is to disable neo4j browser's public access via http://MyDOIPAddress:7474/browser/ after deployment which means only the Django web app can access the neo4j database. What I did was as shown below in which I disabled HTTP/HTTPS connectors. After doing this, both my Django app and neo4j browser could not be run.
Can anyone share how I can disable the neo4j browser while allowing only the Django app to access the neo4j database?
Any other advise regarding securing my neo4j database (docker) in Digital Ocean is welcomed.
Thank you!
04-23-2020 02:00 AM
Can anyone help me with this? Can you point me to the resources which I can study regarding this?
04-26-2020 10:32 AM
Goodevening,
If the Django app is hosted on the same machine. You can allow traffic through the app and manage authorisation etc within the app. And disable Neo4j access from the outside
Blocking accces can be done with firewall settings. Also in the neo4j config I think jou can set the db listening to "localhost".
Yours Kindly Omer
All the sessions of the conference are now available online