4.7. Configure connectors

This section describes how to configure connectors for Neo4j.

This section describes the following:

4.7.1. Available connectors

The table below lists the available Neo4j connectors:

Table 4.3. Default connectors and their ports
Connector name Protocol Default port number

dbms.connector.bolt

Bolt

7687

dbms.connector.http

HTTP

7474

dbms.connector.https

HTTPS

7473

When configuring the HTTPS connector, see also Section 9.2, “SSL framework” for details on how to work with SSL certificates.

4.7.2. Configuration options

The connectors are configured by settings on the format <connector name>.<suffix>. The available suffixes are described in the table below:

Table 4.4. Configuration option suffixes for connectors
Option name Default Setting(s) Description

enabled

true

dbms.connector.bolt.enabled, dbms.connector.http.enabled, dbms.connector.https.enabled

This setting allows the client connector to be enabled or disabled. When disabled, Neo4j does not listen for incoming connections on the relevant port.

listen_address

127.0.0.1:<connector-default-port>

dbms.connector.bolt.listen_address, dbms.connector.https.listen_address, dbms.connector.http.listen_address

This setting specifies how Neo4j listens for incoming connections. It consists of two parts; an IP address (e.g. 127.0.0.1 or 0.0.0.0) and a port number (e.g. 7687), and is expressed in the format <ip-address>:<port-number>. See below for an example of usage.

advertised_address

localhost:<connector-default-port>

dbms.connector.bolt.advertised_address, dbms.connector.https.advertised_address, dbms.connector.http.advertised_address

This setting specifies the address that clients should use for this connector. This is useful in a Causal Cluster as it allows each server to correctly advertise addresses of the other servers in the cluster. The advertised address consists of two parts; an address (fully qualified domain name, hostname, or IP address) and a port number (e.g. 7687), and is expressed in the format <address>:<port-number>. See below for an example of usage.

tls_level

OPTIONAL

dbms.connector.bolt.tls_level

This setting is only applicable to the Bolt connector. It allows the connector to accept encrypted and/or unencrypted connections. The default value is OPTIONAL, where either encrypted or unencrypted client connections are accepted by this connector. Other values are REQUIRED and DISABLED. Use REQUIRED when only encrypted client connections are to be accepted by this connector, and all unencrypted connections will be rejected. Use DISABLED when only unencrypted client connections are to be accepted by this connector, and all encrypted connections will be rejected.

It is not possible to disable the HTTP connector.

To prevent clients from connecting to HTTP, you should block the HTTP port with the firewall, or configure listen_address for the http connector to only listen on the loopback interface (127.0.0.1), thereby preventing connections from remote clients.

Example 4.3. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

dbms.connector.bolt.listen_address=0.0.0.0:7000
Example 4.4. Specify advertised_address for the Bolt connector

If routing traffic via a proxy, or if port mappings are in use, it is possible to specify advertised_address for each connector individually. For example, if port 7687 on the Neo4j Server is mapped from port 9000 on the external network, specify the advertised_address for the Bolt connector:

dbms.connector.bolt.advertised_address=<server-name>:9000

4.7.3. Options for Bolt thread pooling

See Section 11.4, “Bolt thread pool configuration” to learn more about Bolt thread pooling and how to configure it on the connector level.

4.7.4. Defaults for addresses

It is possible to specify defaults for the configuration options with listen_address and advertised_address suffixes, as described below. Setting a default value will apply to all the connectors, unless specifically configured for a certain connector.

The default address settings can only accept the hostname or IP address portion of the full socket address. Port numbers are protocol-specific, and are added by the protocol-specific connector configuration. For example, dbms.connectors.default_advertised_address=:7687

It is important to note that if the default address contains :, this will cause the value to be interpreted as an IPv6 address, and not as a port separator.

For example, if you configure the default address value to be example.com:9999, you will get the following error in the console log:

Malformed IPv6 address at index 8: bolt://[example.com:9999]:7687
dbms.connectors.default_listen_address

This configuration option defines a default IP address of the settings with the listen_address suffix for all connectors. If the IP address part of the listen_address is not specified, it is inherited from the shared setting dbms.connectors.default_listen_address.

Example 4.5. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

dbms.connector.bolt.listen_address=0.0.0.0:7000

This is equivalent to specifying the IP address by using the dbms.connectors.default_listen_address setting, and then specifying the port number for the Bolt connector.

dbms.connectors.default_listen_address=0.0.0.0

dbms.connector.bolt.listen_address=:7000
dbms.connectors.default_advertised_address

This configuration option defines a default address of the settings with the advertised_address suffix for all connectors. If the address part of the advertised_address is not specified, it is inherited from the shared setting dbms.connectors.default_advertised_address.

Example 4.6. Specify advertised_address for the Bolt connector

Specify the address that clients should use for the Bolt connector:

dbms.connector.bolt.advertised_address=server1:9000

This is equivalent to specifying the address by using the dbms.connectors.default_advertised_address setting, and then specifying the port number for the Bolt connector.

dbms.connectors.default_advertised_address=server1

dbms.connector.bolt.advertised_address=:9000