Neo4j -如何使用Docker镜像从安全连接访问bolt？

Question

Docker新手。因此，我已经设法将官方的Neo4j EE Docker镜像部署到Google Container Engine，并且当从本地主机运行我的Angular应用程序时，一切正常(因为它不是来自安全连接)。

但是，当我将应用程序部署到Firebase时，应用程序从安全连接对DB/Docker容器进行所有调用，这会导致以下错误：

Mixed Content: The page at 'https://luminate-testing-24112016.firebaseapp.com/dashboard'
was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint
'ws://35.196.251.244:7687/'. This request has been blocked; this endpoint must be available
over WSS.

请注意，无论Docker镜像是部署到GKE还是AWS，都会发生这种情况。

以下是我的yaml文件：

apiVersion: v1
kind: Service
metadata:
  name: neo4j
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 0.0.0.0/0
  ports:
  - name: browser
    port: 7474
    protocol: TCP
  - name: bolt
    port: 7687
    protocol: TCP
  - name: https
    port: 7473
    protocol: TCP
  selector:
    app: neo4j

apiVersion: "apps/v1beta1"
kind: StatefulSet
metadata:
  name: neo4j
spec:
  serviceName: neo4j
  replicas: 1
  template:
    metadata:
      labels:
        app: neo4j
    spec:
      containers:
      - name: neo4j
        image: luminateqr/neo4j-with-apoc:latest
        imagePullPolicy: Always
        ports:
        - name: browser
          containerPort: 7474
        - name: bolt
          containerPort: 7687
        - name: https
          containerPort: 7473
        volumeMounts:
        - name: neo4j-data
          mountPath: /data
  volumeClaimTemplates:
  - metadata:
      name: neo4j-data
      annotations:
        volume.beta.kubernetes.io/storage-class: slow
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 50Gi

kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: slow
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-standard
  zone: us-east1-c

有一些问题和答案看起来很相似，但我不知道哪些适用，哪些不适用。我知道在TLS上设置websocket与此有关，但对于如何做到这一点没有一致和/或明确的答案(这似乎很奇怪，因为这可能是一个常见的场景)。

Answer 1

您应该在neo4j.conf中设置此参数

dbms.connector.bolt.tls_level=REQUIRED

在docker的情况下，您可以使用此处描述的选项：Config file for Neo4j Docker Image