Docker does not run natively on Mac OSX or Windows. For running Docker on Mac OSX and Windows please consult the Docker documentation. Overview The image exposes two ports (7474 and 7473) for HTTP and HTTPS access to the Neo4j… Learn More →
The image exposes two ports (
7473) for HTTP and HTTPS access to the Neo4j API and a volume (
/data) to allow the database to be persisted outside its container.
All the volumes in this documentation are stored under
By default Neo4j requires authentication.
You have to login with
The Neo4j comes in two editions: Community and Enterprise.
Neo4j Enterprise Edition is designed for commercial deployments where scale and availability are important. Use of Neo4j Enterprise Edition requires a commercial license agreement with Neo Technology. Please see Neo4j licensing for details.
Tags are available for both editions.
Version-specific Enterprise tags have an
-enterprise suffix (like
neo4j:2.3.0-enterprise), Community tags have no suffix (like
The latest Enterprise release is available as
File descriptor limit
Neo4j may use a large number of file descriptors if many indexes are in use or there is a large number of simultaneous database connections.
Docker controls the number of open file descriptors in a container; the limit depends on the configuration of your system. We recommend a limit of at least 40000 for running Neo4j.
To check the limit on your system, run this command:
To override the default configuration for a single container, use the
--ulimit option like this:
The default configuration provided by this image is intended for learning about Neo4j, but must be modified to make it suitable for production use.
In particular the memory assigned to Neo4j is very limited (see
NEO4J_HEAP_MEMORY below), to allow multiple containers to be run on the same server.
You can read more about configuring Neo4j in the manual.
There are three ways to modify the configuration depending on how much you need to customize the image.
Pass environment variables to the container when you run it.
The following environment variables are available:
NEO4J_CACHE_MEMORY: the size of Neo4j’s native-memory cache, defaults to 512M
NEO4J_HEAP_MEMORY: the size of Neo4j’s heap in MB, defaults to 512
NEO4J_KEEP_LOGICAL_LOGS: the retention policy for logical logs, defaults to
NEO4J_AUTH: controls authentication, set to
noneto disable authentication or
neo4j/<password>to override the default password (see the manual for details)
NEO4J_THIRDPARTY_JAXRS_CLASSES: URI mappings for unmanaged extensions (see below)
NEO4J_ALLOW_STORE_UPGRADE: set to
trueto enable upgrades, defaults to
false(see the manual for details)
The following settings control features that are only available in the Enterprise Edition of Neo4j.
NEO4J_DATABASE_MODE: the database mode, defaults to
SINGLE, set to
HAto create a cluster
NEO4J_SERVER_ID: the id of the server, must be unique within a cluster
NEO4J_HA_ADDRESS: the address which a server advertises to other members of a cluster in HA mode, this must be resolvable by all cluster members
NEO4J_INITIAL_HOSTS: comma-separated list of other members of the cluster
To make arbitrary modifications to the Neo4j configuration, provide the container with a
Any configuration files in the
/conf volume will override files provided by the image.
This includes values that may have been set in response to environment variables passed to the container by Docker.
So if you want to change one value in a file you must ensure that the rest of the file is complete and correct.
To dump an initial set of configuration files, run the image with the
Build a new image
For more complex customization of the image you can create a new image based on this one.
If you need to make your own configuration changes, we provide a hook so you can do that in a script:
Then you can pass in the
EXTENSION_SCRIPT environment variable at runtime to source the script:
When the extension script is sourced, the current working directory will be the root of the Neo4j installation.
(This feature is only available in Neo4j Enterprise Edition.)
In order to run Neo4j in HA mode under Docker you need to wire up the containers in the cluster so that they can talk to each other.
Each container must have a network route to each of the others and the
NEO4J_INITIAL_HOSTS environment variables must be set according (see above).
Within a single Docker host, this can be achieved as follows.
Plugins and unmanaged extensions
To install a plugin or unmanaged extension, provide a
/plugins volume containing the jars.
For unmanged extensions you also need to provide an environment variable specifying a URI mapping.
See the manual for more details on plugins and unmanaged extensions.
The Neo4j shell can be run locally within a container using a command like this:
Neo4j uses of
lsof to ensure the server is running and accepting connections on a given port.
Some AppArmor configurations (specifically the default configuration on Linux Mint) prevent
lsof from working as expected.
A workaround is to run the docker image in privileged mode, by adding
--privileged=true to the docker command line.
This is a workaround that disables the security provided by AppArmor, and is not recommended for deployments.
The current best known solution is to enable the use of ptrace in the docker profile of AppArmor.
Do this by adding the following line to
Add this line before the last curly brace, and restart docker.
To use your own key and certificate, provide an
/ssl volume with the key and certificate inside.
The key filename must end in
.key, and the certificate in
Only one of each file may be present.
You must also publish port
7473 to access the HTTPS endpoint.