WebSocket connection failure. Due to security constraints in your web browser - neo4j

Today I download neo4j-community-3.2.0 in windows, when i start the server, i meet one problem in browser, i meet this problem in neo4j-community-3.1.2 and i had solved it by Ticking the "Do not use Bolt" option in settings solved the issue. But in neo4j-community-3.2.0 , i can't see "Do not use Bolt" option ,and i don't know how to do.
N/A: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState is: 3

This happens because the browser is trying (under the hood) to also access the bolt port, which uses an unsigned certificate.
You probably allowed the browser to access the SSL 7474 port through allowing the unsigned certificate as an exception on your browser (and if you didn't, you should in order to make it work).
The url was:
https://[neo4j_host]:7474
Do the same for the bolt certificate, allow it as an exception for url:
https://[neo4j_host]:7687

I ran into the same problem trying to use Neo4j Community Edition on an AWS Ubuntu 16.04 instance. The key thing that solved it was to open port 7687 (the bolt port) in the AWS security group settings.
Found this based on https://stackoverflow.com/a/45234105/1529646
Thus, full answer is:
Make sure to configure Neo4j correctly, ie. uncomment the line dbms.connectors.default_listen_address=0.0.0.0 AND the line dbms.connector.bolt.listen_address=:7687
Open ports 7474 AND 7687 in the AWS security group settings.

In the lower left corner of the browser gear, select do not use bolt.
Open your ${NEO4J_HOME}/conf/neo4j.conf file and edit the bolt settings. It is just about uncommenting this line dbms.connector.bolt.address=0.0.0.0:7687
Change the version of Neo4j
Check your JDK version, use JDK1.8

Adding another option, which worked for me. If your bolt's tls_level is set to REQUIRED, you need to change it to OPTIONAL, if you are not using it with SSL certificate; to get this working.
If you are using Neo4J Community Edition (ver 3.5.1 - in my case) from AWS Marketplace, you need to change the configuration in:
/etc/neo4j/pre-neo4j.sh
Change this line:
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=REQUIRED}"
to
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=OPTIONAL}"
You can find more about Neo4J connector configuration option here. Ideally as per docs, by default bolt.tls_level should have been OPTIONAL only. But I'm not really sure what exactly happened in my case, which got it changed to REQUIRED. Or if it came as is from AWS Marketplace.

Assuming you have valid certs and placed them under the correct certificates directory:
dbms.ssl.policy.bolt.client_auth=NONE
Version 4.0. Took it from this article.
I shared my full ssl config on this other answer.

I had the same error. New to Neo, so take this with a grain of salt, but my solution didn't match these above idea. But thanks as they did lead me to the right "water". So
I went into the conf file, noticed that there was the same port number (previously, the Neo desktop had been constantly telling me it'd needed to update the port numbers...I never checked to verity, but they'd be #, #+1 and #+2. But that didn't work yet that'd happened again and again...but now, after checking the conf file myself, I noticed that the number was the same for all three port requirements for BOLT. Tried that and it didn't work either...but maybe that was important in what did:
In the folder, where the specific database is housed, named "..neo4jdatabases/[GUID Value]" there were two directories titled "/installation-3.4.0" and "...1". I removed the ".0", restarted things and IT WORKED.
So, either there should NOT be two versions under the same database collection OR that's true AND you need the three ports to be the same.
Final add for any Neo4j experts who actually know what they're doing, I have three databases running, two without issue. This occurred AFTER I was messing around trying to see how PowerShell might be useful. Not sure if this is related, but the other databases have worked fine...but, this db is the original playground/sandbox I'd had since the beginning. Not 100% sure, I made the version update before or after, creating the other two databases. HTH.
Using a windows trial version on a Windows 10 machine. Current N4j version is 3.4.1.
Do love what I see so far with Neo BTW!!!

Please mention the correct bolt port under the Connect URL textbox.if you are using the service port the mention the service port in place of bolt port.
Then finally I resolve it by replacing the bolt port with service port inside k8s.
user: neo4j
password: neo4j

I resolve this error by replace the port 7687 with node port 30033 inside Neo4j
then it works fine.

I was facing the same issue with Neo4J version 4 installed on an Ubuntu 18 EC2 instance. Tthe workaround that did the trick for me was to replace the 0.0.0.0 entries in /etc/neo4j/neo4j.conf with the actual private IP of my instance.
Following are the lines where the replace happened:
dbms.default_listen_address=172.X.X.232
dbms.connector.bolt.address=172.X.X.232:7687
Post restart of the DB, the Connect URL when accessing from browser should also use the private IP instead of localhost.

Related

How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error

I am using DDEv and Docker with Windows 10 pro to set up a localhost install of drupal 8.8 using Composer. I have set up and configured the local drupal installation (it is a fresh install) and it appears to be running correctly, but in the admin section of the drupal site I receive a warning to change write permissions of sites/default/settings.php.
I tried to change settings using Filezilla, but it appears that local files in Filezilla do not provide access to write permissions? When I right-click the file in Filezilla, no permissions option appears.
Following troubleshooting tips from ddev, I tried to access phpmyadmin at https://mysitename.ddev.site:8036
Instead of loading phpmyadmin, I got the following error message:
Secure Connection Failed
An error occurred during a connection to dmckimep.ddev.site:8036. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
I've been searching around for a couple of hours now and do not find a solution to this. I ran ddev describe and all seems fine with the installation. The drupal site in the container seems to run okay. There are no port conflicts present so far as I have found, so I am not sure why I cannot get access to phpmyadmin.
I am a relative newbie in terms of skills, but have successfully maintained drupal 4-7 on localhost with XAMPP and my web host. Now I am wrestling with the move to drupal 8/composer/docker/ddev. Any suggestions would be much appreciated.
Thank you!
Update 2022-09-14: DDEV has had https support fpr PHPMyAdmin and MailHog for years now, ddev describe will show you the URL.
(Original answer) ddev's PHPMyAdmin connection doesn't support https, just http. You can find the links for both PHPMyAdmin and MailHog using ddev describe; both are http-only, as in your example, http://mysitename.ddev.site:8036. It would be possible to provide https URLs for PHPMyAdmin and MailHog, but nobody has ever asked for them, and there's no security reason to do so.
Note that the key reason for https on the actual project URL is because real projects run behind https and people need to see problems like mixed content during the development phase. But there's no such need for PHPMyAdmin. However, I'm sure if people ever want it, we'll do it, it's not hard to do.
Just as a general add on, after ddev start you can run ddev launch -p in order to open PHPMyAdmin for the current project database in the browser.

trouble with neo4j over browser

I have neo4j 3.2.4 installed on a Ubuntu instance. After installing, all I've done to start neo4j is "sudo neo4j console" which directs me to a web interface. Unfortunately, I must connect to the web interface on a different computer which I can do via localhost:7474 or https://localhost:7473. (There is some port forwarding required.) Both get me to the landing page. There I am asked to enter a password (the default one) to connect to the database but I then get the error - "ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver ..."
The only site that suggests a solution is here. The suggested solution is to uncomment "dbms.connector.bolt.address=0.0.0.0:7687" in the neo4j.conf file which I did. I then restarted neo4j but I keep on getting the same error.
FWIW - telnet 127.0.0.1 7687 works so connecting to Bolt seems to be fine.
There is also a Github issue referencing this problem but no specific suggested solutions. (Neo4j - issue 504)
Any suggestions greatly appreciated.
Thank you for the information InverseFalcon. FWIW I got things to work by switching over to Firefox where I had also set up FoxyProxy. (So not sure if it was Firefox or FoxyProxy that helped - but would a place to start for anyone else having trouble.)
If you are able to open neo4j web interface, then goto settings -> Network connection section and then check the checkbox that says "Do Not Use Bolt".
After installing the Community edition 3.3.5 on Windows I was getting the same issue as mentioned above, using Chrome. After reading Greg's solution using Firefox, I switched to Internet Explorer and it worked fine.

Forgot Neo4j Server Password

Because this question was never answered, I was hoping someone could help me reset the password to connect to my neo4j password (at localhost:7474). Zachary wrote a post on solving this by someone restarting the service using:
sudo service neo4j-service restart
but I did not find this helpful. In the terminal, I ran bin/neo4j restart (which I think is the equivalent command), and was not able to reset my password.
Depending on environment and installation type you need to look for a file named auth under directory dbms and remove it.
In MacOs, for dmg installations (adjust for custom locations):
/Users/xyz/Documents/Neo4j/default.graphdb/dbms/auth
or (homebrew install)
/usr/local/Cellar/neo4j/x.x.x/libexec/data/dbms/auth
Windows users should look for same file in the default.graphdb/dbms directory.
In Ubuntu
/var/lib/neo4j/data/dbms/auth
In docker containers
/var/lib/neo4j/data/dbms/auth
Alternatively, you might choose to disable auth in the configuration file, usually found in
MacOs:
/Users/xyz/Documents/Neo4j/.neo4j.conf
or
/usr/local/Cellar/neo4j/x.x.x/libexec/conf
and set this property to false
dbms.security.auth_enabled=false
After doing this, you need to restart the server for changes to make effect, you will be asked for a new password.
In window machine, I deleted the auth file at following path :
Users\systemUser\Documents\Neo4j\default.graphdb\data\dbms and then I restarted the neo4j server.
Navigate to http://localhost:7474. It will ask you to enter the password for user neo4j. Enter default password (neo4j)
After this you will be navigated to change password screen. Change your password.
Note : for other operating systems auth file path may be different
I am running version 4.0.7. Many answers I found on the internet state "Delete /data/dbms/auth". That does not work for 4.0.7, that file does not exist.
I followed these instructions, and they worked.
https://neo4j.com/docs/operations-manual/current/configuration/password-and-user-recovery/
Mainly do this:
Stop neo4j if its running
edit /etc/neo4j/neo4j.conf, and uncomment dbms.security.auth_enabled=false
connect to the database and run
ALTER USER neo4j SET PASSWORD 'mynewpass';
:exit
Stop neo4j
comment out the dbms.security.auth_enabled=false
start neo4j
For the Mac, I had to remove ~/Documents/Neo4j/default.graphdb/data/dbms/auth
Then restart the server, and reset the password.
In addition to deleting the auth file, sudo rm /data/dbms/auth, I also had to set up local port forwarding for the browser port 7474 and the bolt connector port 7687. This is due to the outbound firewall for browsers of the network I am using.
On a DB and on a Windows installation of Neo4j Desktop (others can chime in if it works on Mac and Lnx), you can simply:
stop the DB,
click anywhere along the ribbon with the DB name and the "Open" button (this is hidden until you do a mousehover on this area) - I just click the name as there's no event on that label control and
you'll see along the RHS, the "Details", "Pluggins" and "Upgrade" options - select the "Details".
at the bottom, open the "Reset DBMS password" and you're good to go.
It's a bit scary as you don't need to know the original pwd...but since this should be used only for dev tasks and/or by the dba, that seems good for my lazy needs :)
HTH.

Can't access site on EC2 instance via public ip

I've been experimenting with EC2 for a couple days and have been banging my head against simply even being able to access the sample site I've hosted. The stack is Rails 3.1.3 with Thin and Nginx.
I've tried several different configurations and finally ended up running the Nginx auto install script, which does return a webpage when I do a curl http://ec2-107-20-143-179.compute-1.amazonaws.com/. However, when I point my browser there, it hangs forever before saying the page cannot be found.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80.
I don't much experience with the sysadmin side and I'm basically stumped at this point. Any advice would be greatly appreciated.
Did you enable the http port to all ips? That would be done by going to:
EC2 -> Security Group -> Default (or your custome one) -> Inbound
And then Create a new rule for HTTP and as a source, you should assign: 0.0.0.0/0
That should do it.
Think the AWS UI may have been updated but based on Deleteman's answer
Login to EC2 Dashboard
Instances > Instances
Actions dropdown > Networking > Change security groups
You will probably see that you only have launch-wizard-1 allowed which for me only allowed SSH access on port 22
So as Deleteman mentions, you may need to alter your security groups...
Login to EC2 Dashboard
Network and Security > Security Groups
Remove any filters that may be in the search box to show all groups
Personally I edited the default VPC security group as this is a sandbox for me, I imagine you'll want to create a security group for your project
Select the security group checkbox, select actions dropdown and click "edit the inbound rules", I used the following inbound rules just to be sure it was all working
When you revisit Instances > Instances > Description, you should see the security groups and the rules
Once you are happy it's working I would probably replace all traffic with HTTP and HTTPS if that's all that is needed
I was here earlier looking for a solution to a similar problem I was having. It turns out in my case that the EC2 instance also had its own firewall running in addition to the EC2 security group. The command 'system-config-firewall' let me get in to open the ports. Ports 80 (HTTP) and 3306 (MySQL) were not open by default. 22 (SSH) was open. I also had to do 'yum install system-config-firewall'.
To summarize, my solution was:
> yum install system-config-firewall
> system-config-firewall
This answer is for the newbies who have no idea what they are doing with an ec2 instance.
I was having the same problem and tried all the Security Group fixes to no avail.
As it turns out, I needed to turn on my server from the command line.
sudo service httpd start
Sometimes it's dark, not because a fuse blew, but because you didn't flick the switch.
I face the same issue multiple times with the ubuntu EC2 instance and here I am adding all the methods which helped me in fixing the issue in different situations.
Make sure you are accessing the "Public IPv4 DNS" or "Public IPv4 address" or "Elastic IP addresses" from the browser.
Check whether port 80 is open or not.
Here you can see that port 80 is not open in Inbound rules. So let's open port 80 first. For this click on the security tab and you can see the Security groups open this new tab
Now you have to edit inbound rules.
Click at add rule
Then select type HTTP and source AnyWhere and save it.
Similarly, you do HTTPS also.
Check the browser URL if HTTPS is not enabled and if we try to access from browser default it might be HTTPS if so please make it HTTP and try again.
Edit Network ACL. Select the Networking tab and open Subnet ID in a new window.
From Subent Id open Network ACL in the new window
Now edit inbound rules.
For me, It was as simple as just changing the url from https://my-site to http://my-site on my browser. (This solution only applies to people who are still able to SSH onto the ec2 instance but cannot connect via browser)
I was also struggling with same problem had created security group as well, but did not applied to the instance. Just create new rule for http. And apply from right click instance and choose security group and assign it.
Octopus' answer was the correct one for me, except for a Windows machine.
I needed to go to the Windows Firewall, was blocking all traffic out of the VM if it didn't match a rule. Port 80 wasn't enabled in a rule, so I merely had to add one.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
I have encountered a quite similar situation when I tried to run my go app on EC2. If you cannot see an appropriate message or result on your browser even though you:
can get a response well using curl,
finished configuring the Security Group properly
open pen inbound traffic for 80, 443 for the world or for your IP address and
open inbound traffic for 22; and
open inbound traffic for a port that you use (like 8080, 4343, etc.)), and;
run your app to accept a connection from the outside (npm app.js, go run . etc.)
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser. You cannot connect to the server with https:// even though you open 443 port, unless you already configured ssh certificate. Entering the full address with http protocol, without omitting it, may solve the problem.
I had the same issue, been racking my brain bad since I have no experience with Ubuntu or linux. The answer from Parag fixed it.
Very stupid of me as I forgot to install web server (HTTP server) because of which my ec2 instance public IP was not working. Answering this question as this can also be one of the reason which one should not miss as I did.
You can install either,
nginx:
sudo apt-get install nginx
apache2:
sudo apt-get install apache2
The best way is to edit your security inbound rules. Please refer to below snap.
I know this is a very old thread but faced this issue with many services recently. When you are running any application server like Puma or Unicorn over port example 3000, without having a Load Balancer or Proxy like Nginx frontend it. You have to follow two steps:
Bind the service to 0.0.0.0/3000 and not 127.0.0.1/3000.(This will
leave your service open and accessible by anybody on the internet,
that is were step 2 comes into picture).
In AWS security group now allow port 3000 for 0.0.0.0 if you want it
be access by anybody over the internet or add VPN or your network IP
to allow it only for you and you team.
My problem was the browser.
Chrome works; Firefox DOES NOT work.
Here are the steps that you can follow and when you check both of these, chances are that they will work for sure.
Make sure that you're using http:// in the browser instead of https:// on the IP and amazon IPV4 public DNS (It comes in some form like http://ec2-some-ip-address-here.region.compute.amazonaws.com)
Click on the instance id and scroll down,
go to the security tab,
click on security group it will look like this [![enter image description here][1]][1]
Click on edit inbound rules
Add this
For type- choose HTTP
Source - choose anywhere or anywhere ipv4
and click save and you're done.
Combination of these two should work fine.
While we opened inbounds rules http and https it goes automatically with either one http or https so follow below:
Make sure that you entered http://ec2-..., instead of https://ec2-... on your browser.
For me, I needed to setup ufw and allow it on my EC2insttance. I did so with this command sudo ufw app info "WWW Full"
In my case, it's because I access the public IP with HTTPS, so remmeber to remove 's' in the browser. So stupid!
it may solve by putting http instead of https in browser address
My Windows Ec2 instance was not accessible when I tried to access the public IP from the browser. After checking all the above, I had to update the Windows (Defender) Firewall setting which was blocking the incoming traffic.

"getaddrinfo: Temporary failure in name resolution" in RoR application

I'm trying to retrieve emails from gmail using pop3 to my rails applicaiton. I get the error - "getaddrinfo: Temporary failure in name resolution" when i try to retrieve the email.
the weird thing is, it works when i try it at home but not at my university. i'm guessing it has something to do with the internet connection.
please help!
I had the same problem just started getting this error out of the blue in a RoR application that connects to an API using a RestClient running on a local virtual machine using Vagrant that I have as a development environment.
The only thing that fixed the issue was simply restarting my virtual machine. Just done a vagrant down & up command, then rackup and back in the game.
This generally means you aren't getting a response from DNS. Your university connection is probably behind a proxy preventing you from directly accessing the Internet. If so, this proxy must be specified in your code. Check your POP3 library documentation, or failing that, you may be able to use a library like socksify that redirects TCP connections through your SOCKS proxy.
Simple. You may be directed through a proxy server. Set up a new connection ,set up your college settings,restart your server and it should work.
ssh into your server and check if the machine is able to resolve the domain.
ping <your_site> should resolve the domain name to IP.
If its not resolving correctly, then there is some problem in your hosting service.
quick fix: You can manually map domain-to-ip in the etc/hosts file of your server.

Resources