Neo4j standalone instance (VM-based)

You can deploy a Neo4j standalone instance using an image from the GCP Marketplace.


Create a firewall rule to access your instance

Create a firewall rule to be able to access your instance when it is launched:

gcloud compute firewall-rules create allow-neo4j-bolt-http-https \ (1)
  --allow tcp:7473,tcp:7474,tcp:7687 \ (2)
  --source-ranges \ (3)
  --target-tags neo4j (4)
1 Create a firewall rule with the name allow-neo4j-bolt-http-https.
2 Allow traffic on ports:
  • 7473 (HTTPS, for Neo4j Browser and HTTP API).

  • 7474 (HTTP, for Neo4j Browser and HTTP API).

  • 7687 (Bolt Protocol).

3 The ranges, provided with the --source-ranges argument, allow the entire Internet to contact your new instance.
4 The --target-tags argument specifies that this rule applies only to VMs tagged with neo4j.
When you launch your instance, you have to apply that tag to it.

Create a Google compute instance from the Neo4j public image

  1. List all available Neo4j public images.

    The images are published in a GCP project called launcher-public, so by listing images in that project, you can see what is available.

    launcher-public images
    gcloud compute images list --project launcher-public
    launcher-public images — filtered on Neo4j 4.X versions
    gcloud compute images list --project launcher-public | grep --extended-regexp "neo4j-(community|enterprise)-1-4-.*"

    For example, the image neo4j-enterprise-1-4-2-2-apoc includes Neo4j Enterprise 4.2.2 with the APOC plugin.

  2. Create a new instance.

    You create and launch an instance by using the following gcloud commands:

    gcloud config set project <project-id> (1)
    gcloud compute instances create my-neo4j-instance --image-project launcher-public \ (2)
      --image <neo4j-image-name> \ (3)
      --tags neo4j (4)
    1 Set your project configuration to ensure you know where you are launching your instance.
    2 Launch an image found in the provided public project launcher-public.
    3 Replace <neo4j-image-name> with the image name you want to launch.
    4 The --tags argument allows you to configure the correct network permissions.
    By default, Google blocks all external access to the network services unless you open them.
  3. Note the EXTERNAL_IP.

    When the launch is successful, you get the following result:

    Example output
    Created [].
    my-neo4j-instance  europe-north1-a  n1-standard-1          RUNNING

    Note the IP address[1] in the EXTERNAL_IP column, this is for the Neo4j server.

The gcloud tool comes with many command-line options. For more details on how to deal with machine type, memory, available storage, etc., consult the Google Cloud documentation.

Access your new instance

Navigate to http://[EXTERNAL_IP]:7474/browser or https://[EXTERNAL_IP]:7473/browser, log in with the default username neo4j and password neo4j, and change the password, when prompted.

Neo4j 3.X versions include a self-signed certificate for TLS. Because you do not have a hostname or a valid SSL certificate configured by default, your browser will warn you that the certificate is not trusted.

Neo4j 4.X versions do not include any certificate for TLS. You can configure the certificate later.

Access your instance via SSH

You can run the following command to SSH into the instance:

gcloud compute ssh my-neo4j-instance

Inside the VM, you can check the status of the neo4j service:

sudo systemctl status neo4j
● neo4j.service - Neo4j Graph Database
   Loaded: loaded (/etc/systemd/system/neo4j.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2021-01-01 13:01:02 UTC; 40min ago
 Main PID: 937 (java)
    Tasks: 62 (limit: 4401)
   CGroup: /system.slice/neo4j.service
           └─937 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow

Delete your instance

You can run the following command to delete your instance:

gcloud compute instances delete my-neo4j-instance