The neo4j.conf file

Introduction of the neo4j.conf file, and its syntax.

For a complete reference of Neo4j configuration settings, see Configuration settings.

1. Introduction

The neo4j.conf file is the main source of configuration settings in Neo4j and includes the mappings of configuration setting keys to values. The location of the neo4j.conf file in the different configurations of Neo4j is listed in Default file locations.

Most of the configuration settings in the neo4j.conf file apply directly to Neo4j itself, but there are also other settings related to the Java Runtime (the JVM) on which Neo4j runs. For more information, see the JVM specific configuration settings below. Many of the configuration settings are also used by the neo4j launcher scripts.

2. Syntax

  • The equals sign (=) maps configuration setting keys to configuration values.

  • Lines that start with the number sign (#) are handled as comments.

  • Empty lines are ignored.

  • Configuring a setting in neo4j.conf will overwrite any default values. In case a setting can define a list of values, and you wish to amend the default values with custom values, you will have to explicitly list the default values along with the new values.

  • There is no order for configuration settings, and each setting in the neo4j.conf file must be uniquely specified. If you have multiple configuration settings with the same key, but different values, this can lead to unpredictable behavior.

    The only exception to this is dbms.jvm.additional. If you set more than one value for dbms.jvm.additional, then each setting value will add another custom JVM argument to the java launcher.

3. JVM-specific configuration settings

A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The Java heap is where the objects of a Java program live. Depending on the JVM implementation, the JVM heap size often determines how and for how long time the virtual machine performs garbage collection.

Table 1. JVM-specific settings
Setting Description

dbms.memory.heap.initial_size

Sets the initial heap size for the JVM. By default, the JVM heap size is calculated based on the available system resources.

dbms.memory.heap.max_size

Sets the maximum size of the heap for the JVM. By default, the maximum JVM heap size is calculated based on the available system resources.

dbms.jvm.additional

Sets additional options for the JVM. The options are set as a string and can vary depending on JVM implementation.

If you want to have good control of the system behavior, it is recommended to set the heap size parameters to the same value to avoid unwanted full garbage collection pauses.

4. List currently active settings

You can use the procedure dbms.listConfig() to list the currently active configuration settings and their values.

Example 1. List currently active configuration settings
CALL dbms.listConfig()
YIELD name, value
WHERE name STARTS WITH 'dbms.default'
RETURN name, value
ORDER BY name
LIMIT 3;
+-------------------------------------------------+
| name                              | value       |
+-------------------------------------------------+
| "dbms.default_advertised_address" | "localhost" |
| "dbms.default_database"           | "neo4j"     |
| "dbms.default_listen_address"     | "localhost" |
+-------------------------------------------------+

See also Dynamic settings for information about dynamic settings.

5. Command expansion

Command expansion provides an additional capability to configure Neo4j by allowing you to specify scripts that set values sourced from external files. This is especially useful for:

  • avoiding setting sensitive information, such as usernames, passwords, keys, etc., in the neo4j.conf file in plain text.

  • handling the configuration settings of instances running in environments where the file system is not accessible.

5.1. How it works

The scripts are specified in the neo4j.conf file with a $ prefix and the script to execute within brackets (), i.e., dbms.setting=$(script_to_execute).
The configuration accepts any command that can be executed within a child process by the user who owns and executes the Neo4j server. This also means that, in the case of Neo4j set as a service, the commands are executed within the service.

A generic example would be:

neo4j.configuration.example=$(/bin/bash echo "expanded value")

By providing such a configuration in the neo4j.conf file upon server start with command expansion enabled, Neo4j will evaluate the script and retrieve the value of the configuration settings prior to the instantiation of Neo4j. The values are then passed to the starting Neo4j instance and kept in memory, in the running instance.

You can also use the curl (https://curl.se/docs/manpage.html) command to fetch a token or value for a configuration setting. For example, you can apply an extra level of security by replacing any sensitive information in your neo4j.conf file with a secured reference to a provider of some sort.

Scripts are run by the Neo4j process and are expected to exit with code 0 within a reasonable time. The script output should be of a valid type for the setting. Failure to do so will prevent Neo4j from starting.

Scripts and their syntax differ between operating systems.

5.2. Enabling

The Neo4j startup script and the neo4j service can expand and execute the external commands by using the argument --expand-commands.

bin/neo4j start --expand-commands

If the startup script does not receive the --expand-commands argument, commands in the configuration file will be treated as invalid settings.

Neo4j performs the following basic security checks on the neo4j.conf file. If they fail, Neo4j will not evaluate the script commands in neo4j.conf, and the Neo4j process will not start.

On Unix (both Linux and Mac OS)
  • The neo4j.conf file must only be writeable (but not executable) by its owner.

  • The neo4j.conf file must only be readable by its group and owner.

  • The Neo4j process must run as a user who is either the owner of the neo4j.conf file or in the group of the neo4j.conf file.

The Linux permissions bitmask for the least restrictive permissions is 640. More restrictive Linux permissions are also allowed. For example, the neo4j.conf file can have no group permissions and only be readable by its owner (400 bitmask).

On Windows
  • The neo4j.conf file must only be writeable (but not executable) by the user that the Neo4j process runs as.

  • The neo4j.conf file must only be readable by the user that the Neo4j process runs as.

5.3. Logging

The execution of scripts is logged in neo4j.log. For each setting that requires the execution of an external command, Neo4j adds an entry into the log file that contains information, for example:

… Executing the external script to retrieve the value of <setting>...

5.4. Error Handling

The scripts' execution may generate two types of errors:

  • Errors during the execution — These errors are reported in the debug.log, with a code returned from the external execution. In this case, the execution will stop and the server will not start.

  • Errors for incorrect values — The returned value is not the one expected for the setting. In this case, the server will not start.