Neo4j's HTTP protocol can be proxied with nginx to add encryption and authentication:

    server {
        server_name graph.example.org;
        listen 443 http2 ssl;
        listen [::]:443 http2 ssl;
        ssl_certificate /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;
        include snippets/ssl-params.conf;
        location / {
            proxy_pass http://localhost:7471/;
            auth_basic "restricted";
            auth_basic_user_file /path/to/users;
        }
    }

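But I can't figure out how to proxy the Bolt connection; here is a pseudo-configuration containing all the necessary information: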

    server {
        server_name graph.example.org;
        listen 7687 ssl;
        listen [::]:7687 ssl;
        ssl_certificate /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;
        include snippets/ssl-params.conf;
        <some 'location' directive> {
            <some-proxy-directive> localhost:7686;
            # dbms.connector.bolt.address=localhost:7686
            auth_basic "restricted";
            auth_basic_user_file /path/to/users;
        }
    }

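Given that location makes no sense in this context and proxy_pass requires an http(s)-based URL, this pseudo-configuration is probably nowhere near the configuration that is needed.

In an answer to the question "Is it possible to forward NON-http connecting request to some other port in nginx?", the stream-core module is suggested. But it is not clear to me how I would use it. Would the following work (I have not tested it yet):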

    stream {
        server {
            server_name graph.example.org;
            listen 7687 ssl;
            listen [::]:7687 ssl;
            ssl_certificate /path/to/fullchain.pem;
            ssl_certificate_key /path/to/privkey.pem;
            include snippets/ssl-params.conf;
            auth_basic "restricted";
            auth_basic_user_file /path/to/users;
            proxy_pass localhost:7686;
            # dbms.connector.bolt.address=localhost:7686
        }
    }

Maybe directives need to be modified, or further directives need to be added, to make this work?
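
A stream-module layout for the Bolt listener described above, as an added example that is not part of the original post and has not been run against the poster's setup. It reuses the hostnames, ports and certificate paths from the question; the client CA path and the address range are constructed placeholders, and it assumes snippets/ssl-params.conf contains http-only directives.

```nginx
# Added example. stream {} sits at the top level of nginx.conf, next to
# http {}, not inside it, and needs nginx built with the stream and
# stream SSL modules.
stream {
    server {
        # TLS is terminated here; clients connect to graph.example.org:7687
        # with encryption enabled in the Bolt driver.
        listen 7687 ssl;
        listen [::]:7687 ssl;

        # server_name is omitted: older nginx releases do not accept it in
        # stream {}, and a single listener on this port needs no name matching.

        ssl_certificate     /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;

        # Assumption: snippets/ssl-params.conf carries http-only directives
        # (for example add_header), which stream {} rejects, so the TLS
        # settings are stated directly instead of being included.
        ssl_protocols TLSv1.2 TLSv1.3;

        # auth_basic and auth_basic_user_file belong to the http module and
        # cannot be used here: Bolt is not HTTP, so there is no request in
        # which to carry an Authorization header. Authentication stays with
        # Neo4j's own credentials inside the Bolt handshake. Two optional
        # layers that do exist at the stream level:

        # 1) Mutual TLS: only clients with a certificate from this CA connect.
        # ssl_client_certificate /path/to/client-ca.pem;   # placeholder path
        # ssl_verify_client on;

        # 2) Source address allow-list.
        # allow 203.0.113.0/24;                            # placeholder range
        # deny  all;

        # Plain Bolt to Neo4j on loopback. Neo4j must accept unencrypted Bolt
        # on this address:
        # neo4j.conf: dbms.connector.bolt.address=localhost:7686
        proxy_pass localhost:7686;
    }
}
```

Because nginx and Neo4j exchange unencrypted Bolt on the backend leg, keep the Neo4j connector bound to loopback so that port 7686 is not reachable without passing through the TLS listener.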