Configure connectors

Neo4j provides support for Bolt, HTTP, and HTTPS protocols using connectors. Connectors are configured in the neo4j.conf file.

Available connectors

The table below lists the available Neo4j connectors:

Table 1. Neo4j connectors and port number
Connector name	Protocol	Default port number
`server.bolt`	Bolt	`7687`
`server.http`	HTTP	`7474`
`server.https`	HTTPS	`7473`

When configuring the HTTPS or Bolt connector, see also SSL framework for details on how to work with SSL certificates.

Configuration options

The connectors are configured by settings on the format server.<connector-name>.<setting-suffix>>. The available suffixes are described in the table below:

Table 2. Configuration option suffixes for connectors
Option name	Default	Setting(s)	Description
`enabled`	`true` ^[1]	`server.bolt.enabled`, `server.http.enabled`, `server.https.enabled` ^[2]	This setting allows the client connector to be enabled or disabled. When disabled, Neo4j does not listen for incoming connections on the relevant port.
`listen_address`	`127.0.0.1:<connector-default-port>`	`server.bolt.listen_address`, `server.https.listen_address`, `server.http.listen_address`	This setting specifies how Neo4j listens for incoming connections. It consists of two parts; an IP address (e.g. 127.0.0.1 or 0.0.0.0) and a port number (e.g. 7687), and is expressed in the format `<ip-address>:<port-number>`. See below for an example of usage.
`advertised_address`	`localhost:<connector-default-port>`	`server.bolt.advertised_address`, `server.https.advertised_address`, `server.http.advertised_address`	This setting specifies the address that clients should use for this connector. This is useful in a cluster as it allows each server to correctly advertise addresses of the other servers in the cluster. The advertised address consists of two parts; an address (fully qualified domain name, hostname, or IP address) and a port number (e.g. 7687), and is expressed in the format `<address>:<port-number>`. See below for an example of usage.
`tls_level`	`DISABLED`	`server.bolt.tls_level`	This setting is only applicable to the Bolt connector. It allows the connector to accept encrypted and/or unencrypted connections. The default value is `DISABLED`, where only unencrypted client connections are to be accepted by this connector, and all encrypted connections will be rejected. Other values are `REQUIRED` and `OPTIONAL`. Use `REQUIRED` when only encrypted client connections are to be accepted by this connector, and all unencrypted connections will be rejected. Use `OPTIONAL` where either encrypted or unencrypted client connections are accepted by this connector.
1. When Neo4j is used in embedded mode, the default value is `false`. 2. The default value for `server.https.enabled` is `false`.

Example 1. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

server.bolt.listen_address=0.0.0.0:7000

Example 2. Specify advertised_address for the Bolt connector

If routing traffic via a proxy, or if port mappings are in use, it is possible to specify advertised_address for each connector individually. For example, if port 7687 on the Neo4j Server is mapped from port 9000 on the external network, specify the advertised_address for the Bolt connector:

server.bolt.advertised_address=<server-name>:9000

Options for Bolt thread pooling

See Bolt thread pool configuration to learn more about Bolt thread pooling and how to configure it on the connector level.

Defaults for addresses

It is possible to specify defaults for the configuration options with listen_address and advertised_address suffixes, as described below. Setting a default value will apply to all the connectors, unless specifically configured for a certain connector.

server.default_listen_address

This configuration option defines a default IP address of the settings with the listen_address suffix for all connectors. If the IP address part of the listen_address is not specified, it is inherited from the shared setting server.default_listen_address.

Example 3. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

server.bolt.listen_address=0.0.0.0:7000

This is equivalent to specifying the IP address by using the server.default_listen_address setting, and then specifying the port number for the Bolt connector.

server.default_listen_address=0.0.0.0

server.bolt.listen_address=:7000

server.default_advertised_address

This configuration option defines a default address of the settings with the advertised_address suffix for all connectors. If the address part of the advertised_address is not specified, it is inherited from the shared setting server.default_advertised_address.

Example 4. Specify advertised_address for the Bolt connector

Specify the address that clients should use for the Bolt connector:

server.bolt.advertised_address=server1:9000

This is equivalent to specifying the address by using the server.default_advertised_address setting, and then specifying the port number for the Bolt connector.

server.default_advertised_address=server1

server.bolt.advertised_address=:9000

The default address settings can only accept the hostname or IP address portion of the full socket address. Port numbers are protocol-specific, and can only be added by the protocol-specific connector configuration.

For example, if you configure the default address value to be example.com:9999, Neo4j will fail to start and you will get an error in neo4j.log.