I have a remote AuraDB, but I'm unable to visualize with neovis.js
var config = {
container_id: "viz",
server_url: "bolt://<server_url>:7687",
server_user: <user>,
server_password: <pwd>,
initial_cypher: "match n=(:Person)-[:Knows]->(:Person) return n"
}
The above code segment is from the neovis GitHub documentation.
(https://github.com/neo4j-contrib/neovis.js/)
If I use the "bolt" protocol, the error is :
Neo4jError: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState is: 3
If I use the "neo4j" protocol, then :
Neo4jError: Could not perform discovery. No routing servers available.
If I use the "neo4j+s" / "neo4j+ssc" protocols, then :
Encryption/trust can only be configured either through URL or config, not both
I have observed neovis plugin for my webapp works well with a local neo4j db and the bolt protocol.
Please help me out with some understanding in the case of visualizing a remote neo4j aura db.
Aura has strict encryption policies. And the driver config used for neovis.js seems half-baked. It doesn't seem to be enough for Aura and doesn't seem to allow turning encryption off completely either.
So the best option here is to enforce encryption in the config and use an unencrypted connection Scheme.
Working config for Aura by using an unencrypted connection URI and enforcing encryption in the config
var config = {
encrypted:"ENCRYPTION_ON",
trust: "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES",
container_id: "viz",
server_url: "neo4j://<dbid>.databases.neo4j.io",
...
Updated Solution for Neovis 2.0.2, from this GitHub issue
var config = {
containerId: "viz",
neo4j: {
serverUrl: "neo4j://<dbid>.databases.neo4j.io",
serverUser: "neo4j",
serverPassword: "secret",
driverConfig: {
encrypted: "ENCRYPTION_ON",
trust: "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES"
}
},
Related
We have configured our Jenkins server to use a fixed port and JNLP 4.
Our info sec team has flagged that if one were to open a web browser pointing at the JNLP port, the internal properties below are listed which includes the internal ip of the Jenkins server.
Jenkins-Agent-Protocols:
Jenkins-Version:
Jenkins-Session:
Client:
Server:
Remoting-Minimum-Version:
Is this information necessary? Is this something which can be suppressed?
From the source: https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/TcpSlaveAgentListener.java
It looks like there is no mechanism to turn it off, and according to the comments, it seems to be only for testing:
String header = new String(head, Charsets.US_ASCII);
if (header.startsWith("GET ")) {
// this looks like an HTTP client
respondHello(header,s);
return;
}
// otherwise assume this is AgentProtocol and start from the beginning
(...)
/**
* Respond to HTTP request with simple diagnostics.
* Primarily used to test the low-level connectivity.
*/
private void respondHello(String header, Socket s) throws IOException {
(...)
If infosec requires you to turn this off, you might need to open a support ticket with cloudbees.
We've setup Cloudfront in front of our application, but unfortunately it strips the Upgrade header required for ActionCable to run.
We'd like to have a different subdomain that points to the same servers, but bypasses Cloudfront (socket.site.com, for instance). We've done this and it's somewhat working, but it seems like a persistent connection can't be made. ActionCable continues to retry to make the connection every 10s and seems unable to hold the connection open:
Any advice related to Cloudfront or different domains for ActionCable is appreciated.
To all who follow, hopefully this helps.
As of the time of me writing this (Oct. 2018), it doesn't appear that you can use ActionCable behind Cloudfront at all. CF will discard the upgrade header which will prevent a secure socket connection from ever being made.
Our setup was CF -> Application Load Balancer (ALB) -> EC2. On the AWS side, we began by making a subdomain (socket.example.com) that pointed directly to the same ALB and bypassed CF entirely. Note that Classic Load Balancers absolutely will not work. You can only use ALBs.
This alone did not fix the issue. On your Rails config, you have to add the following lines to your production.rb:
config.action_cable.url = 'wss://socket.example.com:28080/cable'
config.action_cable.allowed_request_origins = ['https://example.com'] # Not the subdomain
You may also need to update your CSP to include wss://socket.example.com/cable for connect_src.
If at this point you're getting a message about failing to upgrade, you need to ensure that your NGINX config is correct. This answer may help.
You will also need to reflect this change in your cable.js. This following snippet works for me with local development as well as production, but you may need to alter it. I wrote it with pre-ES6 in mind because this file never hit Babel in our configuration.
(function() {
this.App || (this.App = {})
var wsUrl
if(location.host.indexOf('localhost') != -1) {
wsUrl = '/cable'
} else {
var host = location.host
var protocol = location.protocol
wsUrl = protocol + '//socket.' + host + '/cable'
}
App.cable = ActionCable.createConsumer(wsUrl)
}).call(this)
That may be all you need, depending on your authentication scheme. However, I was using cookies shared between the main application and ActionCable and this caused a difficult bug. The connection would appear to be made correctly, but it would actually fail and ActionCable would retry every 10s. The final step was to ensure the auth cookies being set would work across the socket subdomain. I updated my cookie as such:
cookies.signed[:cookie_name] = {
value: payload,
domain: ['.socket.example.com', '.example.com']
# Some people have to specify tld_length, but I was fine without it
}
I am new to Neo4j and am reading this example:
try ( HelloWorldExample greeter = new HelloWorldExample( "bolt://localhost:7687", "neo4j", "test" ) )
{
greeter.printGreeting( "hello, world" );
}
In my Eclipse, this code works fine. However, I already have a Neo4j database which I can access through
http://localhost:7474/browser/
My question is in my Java code above, how can I access my existing Neo4j database? If I change "bolt://localhost:7687" to "http://localhost:7474", I received this error:
Exception in thread "main" org.neo4j.driver.v1.exceptions.ClientException: Unsupported URI scheme: http
at org.neo4j.driver.internal.DriverFactory.createDriver(DriverFactory.java:125)
at org.neo4j.driver.internal.DriverFactory.newInstance(DriverFactory.java:82)
at org.neo4j.driver.v1.GraphDatabase.driver(GraphDatabase.java:136)
at org.neo4j.driver.v1.GraphDatabase.driver(GraphDatabase.java:119)
at org.neo4j.driver.v1.GraphDatabase.driver(GraphDatabase.java:94)
at neo4j.Neo4j.<init>(Neo4j.java:19)
at neo4j.Neo4j.main(Neo4j.java:50)
So how can I access my existing database (http://localhost:7474) through 'bolt'?
You can access a Neo4j database through 2 protocols :
HTTP/REST on default port 7474
BOLT on default port 7687
So on your example, you are trying to use a BOLT client on the HTTP, this can't work.
So the good url is the one into your java code : "bolt://localhost:7687"
I have succesfully used neo4jphp library with graphenedb with this simple steps as per documentation (considering that graphenedb does not require https)
require('vendor/autoload.php'); // or your custom autoloader
// Connecting to a different port or host
$client = new Everyman\Neo4j\Client(url, port);
// Connecting using HTTP and Basic Auth
$client->getTransport()
->setAuth('username', 'password');
// Test connection to server
print_r($client->getServerInfo());
However, when trying to connect to a graphstory instance (of course they both work fine if I call the rest api from browser, the neo4j console works fine etc.) which requires https as follows
require('vendor/autoload.php'); // or your custom autoloader
// Connecting to a different port or host
$client = new Everyman\Neo4j\Client(url, port);
// Connecting using HTTPS and Basic Auth
$client->getTransport()
->useHttps()
->setAuth('username', 'password');
// Test connection to server
print_r($client->getServerInfo());
I get the following error. They should be identical, I can't get why.
Fatal error: Uncaught exception 'Everyman\Neo4j\Exception' with message 'Can't open connection to https://neo-54f500bf2cc7e-364459c455.do-stories.graphstory.com:7473/db/data/' in /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Transport/Curl.php:91
Stack trace:
#0 /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Transport.php(95): Everyman\Neo4j\Transport\Curl->makeRequest('GET', '/', NULL)
#1 /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Command.php(64): Everyman\Neo4j\Transport->get('/', NULL)
#2 /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Client.php(828): Everyman\Neo4j\Command->execute()
#3 /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Client.php(464): Everyman\Neo4j\Client->runCommand(Object(Everyman\Neo4j\Command\GetServerInfo))
#4 /Applications/XAMPP/xamppfiles/htdocs/graphene/story.php(20): Every in /Applications/XAMPP/xamppfiles/htdocs/graphene/vendor/everyman/neo4jphp/lib/Everyman/Neo4j/Transport/Curl.php on line 91
It seems to me that neo4jphp is not configuring the TLS part in the cURL request.
I fixed it by downloading the certificate bundle from http://curl.haxx.se/docs/caextract.html (ca_bundle.crt) and adding the following line to Everyman\Neo4j\Transport\Curl.php, function makeRequest:
$options[CURLOPT_CAINFO] = "your/path/to/ca-bundle.crt";
I've created an issue on GitHub for this: https://github.com/jadell/neo4jphp/issues/171
I'm the CTO/Lead Dev at Graph Story. Sorry to hear you're having troubles. I've actually just taken a look at your instance and things seem OK from the server side.
Without additional info it's hard to say if there's an issue with your sample connection code. Considering that you've used that same library to connect to GrapheneDB in the past, I think the chances an error in the sample code is low.
Based on the current state of your instance and on the exception thrown by Neo4jPHP, my guess is that port 7473 may be blocked on your network. You can confirm that with local tech support or by switching to a network where you know port 7473 is open and trying to connect again.
I am trying to send mails from a Grails application, but without any success.
I've used gmail and other smtp server (without ssl!) but the same error occurs:
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Exception reading response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?. Failed messages: javax.mail.MessagingException: Exception reading response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?; message exceptions (1) are:
Failed message 1: javax.mail.MessagingException: Exception reading response;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
I am using in Config.groovy (example for gmail):
grails.mail.host = "smtp.gmail.com"
grails.mail.from = "xxx#gmail.com"
grails.mail.port = "465"
grails.mail.ssl = "on"
grails.mail.username = "xxx#gmail.com"
grails.mail.password = "xxx"
grails.mail.props = ["mail.smtp.auth": "true",
"mail.smtp.socketFactory.port": "465",
"mail.smtp.socketFactory.class": "javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback": "false",
"mail.smtp.starttls.enable": "true",
"mail.debug": "true"]
EDIT: I made a simple app with just the mail plugin and a controller and the config posted by Javid Jamae works (3rd answer, also I think the other should work).
BUT even if I just copy-paste the same config and the same sending mail code, on my primary project it still gives me the same exception! I think this can be caused by Nimble plugin (Mail plugin was installed by it).
My configuration is:
Grails version: 1.3.4
Groovy version: 1.7.4
JVM version: 1.6.0_21
jquery - 1.4.2.5
mail - 0.9
shiro - 1.0.1
nimble - 0.4-SNAPSHOT
FINAL EDIT :
I resolved the issue: it seems that I have to use the same settings in the Nimble plugin also, in NimbleConfig.groovy -> mail { ... (must have "from = ...") } .
Stupid issue, but waisted a lot of time on it.
I'm not using SSL and I have the following defined at the bottom of my Config.groovy (not under the environments section):
grails {
mail {
host = "smtp.gmail.com"
port = 465
username = "xxx#gmail.com"
password = "xxx"
props = ["mail.smtp.auth":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback":"false"]
}
}
I'm using:
app.grails.version=1.2.1
plugins.mail=0.9
This works for me.
You have enabled SSL:
grails.mail.ssl = "on"
And got exception
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?.
So disable SSL (my config):
host = "smtp.gmail.com"
port = 465
username = "username#gmail.com"
password = "password"
javaMailProperties = ['mail.smtp.auth': 'true',
'mail.smtp.socketFactory.port': '465',
'mail.smtp.socketFactory.class': 'javax.net.ssl.SSLSocketFactory',
'mail.smtp.socketFactory.fallback': 'false']
Anyway, if you want to enable SSL - try 587 port.
Also try to set
mail.smtp.starttls.required : 'true'
Because if server not supports secure connection or client doesn't accept server's certificate secure connection will not started and you will got your exception.
But after setting starttls.required = true and secure connection is impossible whole connection will fails so you got proper exception message.
P.S. Take a note that SSL and TLS - is different protocols.
I dont have this line in my configuration
"mail.smtp.starttls.enable": "true"
and my connection is working
also the port should not be in quotes
grails.mail.port = 465
I ran into a similar strain of this issue as well, so I'll share my experience. When using the Nimble plugin (which uses the Mail plugin as a dependency), Nimble defines its own mail settings in grails-app/conf/NimbleConfig.groovy.
The settings in NimbleConfig.groovy appear to overwrite those set in Config.groovy (presumably because NimbleConfig is executed after Config).
The solution here is conditional:
If you're using Nimble, set the mail properties in grails-app/conf/NimbleConfig.groovy; you do not need to set them in grails-app/conf/Config.groovy
If you're not using Nimble, then just follow the Mail plugin instructions for configuration (or use Javid Jamae's answer)
This seems to be what the OP alluded to in his/her edits, but I just thought I'd confirm the edits with my understanding of what's happening.
Update:
For a reference, here are the NimbleConfig.groovy settings that worked for me:
nimble {
...
messaging {
...
mail {
host = 'smtp.gmail.com'
port = 465
username = '...#gmail.com'
password = '...'
props = [
'mail.smtp.auth': 'true',
'mail.smtp.socketFactory.port': '465',
'mail.smtp.socketFactory.class': 'javax.net.ssl.SSLSocketFactory',
'mail.smtp.socketFactory.fallback': 'false'
]
}
}
}
You can verify your config settings at runtime by checking the
mailService.mailSender properties.Something like this:
mailService.mailSender.properties.each{println}
It will yield the host, port, username, password and a few other values.
If you're sure they are all correct, I would suspect a firewall issue.