Configure network connectors

Neo4j provides support for Bolt, HTTP, and HTTPS protocols using network connectors. Network connectors are configured in the neo4j.conf file.

Available network connectors

The table below lists the available network connectors in Neo4j:

Table 1. Neo4j network connectors and port number
Network connector name Protocol Default port number

server.bolt

Bolt

7687

server.http

HTTP

7474

server.https

HTTPS

7473

When configuring the HTTPS or Bolt connectors, see also SSL framework for details on how to work with SSL certificates.

Configuration options

The network connectors are configured by settings in the format server.<network-connector-name>.<setting-suffix>>.

Table 2. Configuration option suffixes for network connectors
Option name Default Setting(s) Description

enabled

true [1]

server.bolt.enabled, server.http.enabled, server.https.enabled [2]

This setting allows the client connector to be enabled or disabled. When disabled, Neo4j does not listen for incoming connections on the relevant port.

listen_address

localhost:<network-connector-default-port>

server.bolt.listen_address, server.https.listen_address, server.http.listen_address

This setting specifies how Neo4j listens for incoming connections. It consists of two parts; an IP address (e.g. 127.0.0.1 or 0.0.0.0) and a port number (e.g. 7687), and is expressed in the format <ip-address>:<port-number>. See below for an example of usage.

advertised_address

localhost:<network-connector-default-port>

server.bolt.advertised_address, server.https.advertised_address, server.http.advertised_address

This setting specifies the address that clients should use for this network connector. This is useful in a cluster as it allows each server to correctly advertise the addresses of the other servers in the cluster. The advertised address consists of two parts; an address (fully qualified domain name, hostname, or IP address) and a port number (e.g. 7687), and is expressed in the format <address>:<port-number>. See below for an example of usage.

tls_level

DISABLED

server.bolt.tls_level

This setting is only applicable to the Bolt connector. It allows the Bolt connector to accept encrypted and/or unencrypted connections. The default value is DISABLED, where only unencrypted client connections are to be accepted by this connector, and all encrypted connections will be rejected.

Other values are REQUIRED and OPTIONAL. Use REQUIRED when only encrypted client connections are to be accepted by this connector, and all unencrypted connections will be rejected. Use OPTIONAL where either encrypted or unencrypted client connections are accepted by this connector.

1. When Neo4j is used in embedded mode, the default value is false.

2. The default value for server.https.enabled is false.

Example 1. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

server.bolt.listen_address=0.0.0.0:7000
Example 2. Specify advertised_address for the Bolt connector

If routing traffic via a proxy, or if port mappings are in use, it is possible to specify advertised_address for each network connector individually. For example, if port 7687 on the Neo4j server is mapped from port 9000 on the external network, specify the advertised_address for the Bolt connector:

server.bolt.advertised_address=<server-name>:9000

Options for Bolt thread pooling

See Bolt thread pool configuration to learn more about Bolt thread pooling and how to configure it on the network connector level.

Defaults for addresses

It is possible to specify defaults for the configuration options with listen_address and advertised_address suffixes. Setting a default value applies to all network connectors unless specifically configured for a certain connector.

server.default_listen_address

This configuration option defines a default IP address of the settings with the listen_address suffix for all network connectors. If the IP address part of the listen_address is not specified, it is inherited from the shared setting server.default_listen_address.

Example 3. Specify listen_address for the Bolt connector

To listen for Bolt connections on all network interfaces (0.0.0.0) and on port 7000, set the listen_address for the Bolt connector:

server.bolt.listen_address=0.0.0.0:7000

This is equivalent to specifying the IP address by using the server.default_listen_address setting, and then specifying the port number for the Bolt connector.

server.default_listen_address=0.0.0.0

server.bolt.listen_address=:7000
server.default_advertised_address

This configuration option defines a default address of the settings with the advertised_address suffix for all network connectors. If the address part of the advertised_address is not specified, it is inherited from the shared setting server.default_advertised_address.

Example 4. Specify advertised_address for the Bolt connector

Specify the address that clients should use for the Bolt connector:

server.bolt.advertised_address=server1:9000

This is equivalent to specifying the address by using the server.default_advertised_address setting, and then specifying the port number for the Bolt connector.

server.default_advertised_address=server1

server.bolt.advertised_address=:9000

The default address settings can only accept the hostname or IP address portion of the full socket address. Port numbers are protocol-specific, and can only be added by the protocol-specific network connector configuration.

For example, if you configure the default address value to be example.com:9999, Neo4j will fail to start and you will get an error in neo4j.log.