4.1. Introduction

An introduction to how Neo4j runs in a Docker container.

This section includes:

The Neo4j Docker image, and instructions on how to start using it, can be found here: https://hub.docker.com/_/neo4j/.

4.1.1. Ports

By default, the Docker image exposes three ports for remote access:

  • 7474 for HTTP.
  • 7473 for HTTPS.
  • 7687 for Bolt.

Note that when Docker is used, Neo4j is configured automatically to allow remote access to the HTTP, HTTPS, and Bolt services. This is different than the default Neo4j configuration, where the HTTP, HTTPS, and Bolt services do not allow remote connections. For more information on configuring connections, see Section 5.6, “Configure connectors”.

4.1.2. Volumes

The Docker image also exposes the following volumes. Directories on the host can be mounted using the --volume option. See Section 5.2, “File locations” for details about the directories used by default in different Neo4j distributions.

  • /conf
  • /data
  • /import
  • /logs
  • /metrics
  • /plugins
  • /ssl

It is often desirable to keep database and logs outside of the container. The following command will start a container with ports for Bolt and HTTP published, and with the /data and /logs volumes mapped to directories on the host.

docker run \
    --publish=7474:7474 --publish=7687:7687 \
    --volume=$HOME/neo4j/data:/data \
    --volume=$HOME/neo4j/logs:/logs \
    neo4j:4.1

Point your browser at http://localhost:7474 on Linux or http://$(docker-machine ip default):7474 on macOS.

All the volumes in this documentation are stored under $HOME in order to work on macOS where $HOME is automatically mounted into the machine VM. On Linux the volumes can be stored anywhere.

4.1.3. Using NEO4J_AUTH to set an initial password

By default, Neo4j requires authentication and prompts you to login with a username/password of neo4j/neo4j at the first connection. You are then prompted to set a new password. For more information about setting the initial password for Neo4j, see Section 5.4, “Set an initial password”.

When using Neo4j in a Docker container, you can set the initial password for the container directly by specifying the NEO4J_AUTH in your run directive:

--env NEO4J_AUTH=neo4j/your_password

Alternatively, you can disable authentication by specifying NEO4J_AUTH to none:

--env NEO4J_AUTH=none

Please note that there is currently no way to change the initial username from neo4j.

If you have mounted a /data volume containing an existing database, setting NEO4J_AUTH will have no effect. The Neo4j Docker service will start, but to log in you will need a username and password already associated with the database.

4.1.4. Running Neo4j as a non-root user

For security reasons Neo4j will run as the neo4j user inside the container. You can specify which user to run as by invoking docker with the --user argument. For example, the following would run Neo4j as your current user:

docker run \
    --publish=7474:7474 --publish=7687:7687 \
    --volume=$HOME/neo4j/data:/data \
    --volume=$HOME/neo4j/logs:/logs \
    --user="$(id -u):$(id -g)" \
    neo4j:4.1

4.1.5. Neo4j editions

Tags are available for both Community Edition and Enterprise Edition. Version-specific Enterprise Edition tags have an -enterprise suffix, for example: neo4j:4.1.1-enterprise. Community Edition tags have no suffix, for example neo4j:4.1.1. The latest Neo4j Enterprise Edition release is available as neo4j:enterprise.

4.1.5.1. Neo4j Enterprise Edition license

In order to use Neo4j Enterprise Edition you must accept the license agreement.

© Network Engine for Objects in Lund AB. 2018. All Rights Reserved. Use of this Software without a proper commercial license with Neo4j, Inc. or its affiliates is prohibited.

Email inquiries can be directed to: licensing@neo4j.com

More information is also available at: https://neo4j.com/licensing/

To accept the license agreement set the environment variable NEO4J_ACCEPT_LICENSE_AGREEMENT=yes.

To do this you can use the following docker argument:

--env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes

4.1.6. Using Neo4j Labs plugins

The Neo4j Docker image includes a startup script which can automatically download and configure certain Neo4j plugins at runtime.

This feature is intended to facilitate using Neo4j Labs plugins in development environments, but it is not recommended for use in production environments.

To use plugins in production with Neo4j Docker containers, see Using /plugins.

The NEO4JLABS_PLUGINS environment variable can be used to specify the plugins to install using this method. This should be set to a JSON-formatted list of supported plugins.

For example, to install both the APOC and GraphQL plugins, you can use the following Docker argument:

--env NEO4JLABS_PLUGINS=["apoc","graphql"]

If a single plugin is required, it must still be specified as a JSON-formatted list. For example, to install the Neo Semantics n10s plugin, you can use the following Docker argument:

--env NEO4JLABS_PLUGINS=["n10s"]
Table 4.1. Supported Neo4j Labs plugins
Name Key Further information

APOC

apoc

https://neo4j.com/labs/apoc/

GraphQL

graphql

https://neo4j.com/labs/grandstack-graphql/

Neo Semantics

n10s

https://neo4j.com/labs/nsmtx-rdf/