It appears now with 4.0.0 Enterprise and Java 11 we can bind JMX to a particular address instead of broadcasting it to the world using these settings:
# Remote JMX monitoring, uncomment and adjust the following lines as needed. Absolute paths to jmx.access and
# jmx.password files are required.
# Also make sure to update the jmx.access and jmx.password files with appropriate permission roles and passwords,
# the shipped configuration contains only a read only role called 'monitor' with password 'Neo4j'.
# For more details, see: http://download.oracle.com/javase/8/docs/technotes/guides/management/agent.html
# On Unix based systems the jmx.password file needs to be owned by the user that will run the server,
# and have permissions set to 0600.
# For details on setting these file permissions on Windows see:
# http://docs.oracle.com/javase/8/docs/technotes/guides/management/security-windows.html
# bind JMX to localhost only
dbms.jvm.additional=-Dcom.sun.management.jmxremote.host=127.0.0.1
dbms.jvm.additional=-Dcom.sun.management.jmxremote.port=3637
dbms.jvm.additional=-Dcom.sun.management.jmxremote.authenticate=true
dbms.jvm.additional=-Dcom.sun.management.jmxremote.ssl=false
dbms.jvm.additional=-Dcom.sun.management.jmxremote.password.file=/opt/neo4j/conf/jmx.password
dbms.jvm.additional=-Dcom.sun.management.jmxremote.access.file=/opt/neo4j/conf/jmx.access
Could we update the default conf in 4.0 to show this is possible now?
