#***************************************************************** # Neo4j configuration # # For more details and a complete list of settings, please see # /docs/operations-manual/current/reference/configuration-settings/ #***************************************************************** # The name of the database to mount #dbms.active_database= # Paths of directories in the installation. #=data #=plugins #=certificates #=logs #=lib #=run # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the # `LOAD CSV` section of the manual for details. # =import # Whether requests to Neo4j are authenticated. # To disable authentication, uncomment this line #.auth_enabled=false # Enable this to be able to upgrade a store from an older version. #dbms.allow_upgrade=true # Java Heap Size: by default the Java heap size is dynamically # calculated based on available system resources. # Uncomment these lines to set specific initial and maximum # heap size. .initial_size=512m .max_size=1g # The amount of memory to use for mapping the store files, in bytes (or # kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). # If Neo4j is running on a dedicated server, then it is generally recommended # to leave about 2-4 gigabytes for the operating system, give the JVM enough # heap to hold all your transaction state and query context, and then leave the # rest for the page cache. # The default page cache memory assumes the machine is dedicated to running # Neo4j, and is heuristically set to 50% of RAM minus the max Java heap size. =5g #***************************************************************** # Network connector configuration #***************************************************************** # With default configuration Neo4j only accepts local connections. # To accept non-local connections, uncomment this line: .default_listen_address=0.0.0.0 # You can also choose a specific network interface, and configure a non-default # port for each connector, by setting their individual listen_address. # The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or # it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for # individual connectors below. #.default_advertised_address=localhost # You can also choose a specific advertised hostname or IP address, and # configure an advertised port for each connector, by setting their # individual advertised_address. # Bolt connector =true #.tls_level=OPTIONAL .listen_address=:7687 # HTTP Connector. There can be zero or one HTTP connectors. =true .listen_address=:7474 # HTTPS Connector. There can be zero or one HTTPS connectors. =true .listen_address=:7473 # Number of Neo4j worker threads. #.worker_count= #***************************************************************** # SSL system configuration #***************************************************************** # Names of the SSL policies to be used for the respective components. # The legacy policy is a special policy which is not defined in # the policy configuration section, but rather derives from # and associated files # (by default: and ). Its use will be deprecated. # The policies to be used for connectors. # # : Note that a connector must be configured to support/require # SSL/TLS for the policy to actually be utilized. # # see: .*.tls_level #bolt.ssl_policy=legacy #https.ssl_policy=legacy #***************************************************************** # SSL policy configuration #***************************************************************** # Each policy is configured under a separate namespace, . # .<policyname>.* # # The example settings below are for a new policy named 'default'. # The base directory for cryptographic objects. Each policy will by # default look for its associated objects (keys, certificates, ...) # under the base directory. # # Every such setting can be overridden using a full path to # the respective object, but every policy will by default look # for cryptographic objects in its base location. # # Mandatory setting #.base_directory=certificates/default # Allows the generation of a fresh private key and a self-signed # certificate if none are found in the expected locations. It is # recommended to turn this off again after keys have been generated. # # Keys should in general be generated and distributed offline # by a trusted certificate authority (CA) and not by utilizing # this mode. #.allow_key_generation=false # Enabling this makes it so that this policy ignores the contents # of the trusted_dir and simply resorts to trusting everything. # # Use of this mode is discouraged. It would offer encryption but no security. #.trust_all=false # The private key for the default SSL policy. By default a file # named is expected under the base directory of the policy. # It is mandatory that a key can be found or generated. #.private_key= # The private key for the default SSL policy. By default a file # named is expected under the base directory of the policy. # It is mandatory that a certificate can be found or generated. #.public_certificate= # The certificates of trusted parties. By default a directory named # 'trusted' is expected under the base directory of the policy. It is # mandatory to create the directory so that it exists, because it cannot # be auto-created (for security purposes). # # To enforce client authentication client_auth must be set to 'require'! #.trusted_dir= # Client authentication setting. Values: none, optional, require # The default is to require client authentication. # # Servers are always authenticated unless explicitly overridden # using the trust_all setting. In a mutual authentication setup this # should be kept at the default of require and trusted certificates # must be installed in the trusted_dir. #.client_auth=require # It is possible to verify the hostname that the client uses # to connect to the remote server. In order for this to work, the server public # certificate must have a valid CN and/or matching Subject Alternative Names. # Note that this is irrelevant on host side connections (sockets receiving # connections). # To enable hostname verification client side on nodes, set this to true. #.verify_hostname=false # A comma-separated list of allowed TLS versions. # By default only TLSv1.2 is allowed. #.tls_versions= # A comma-separated list of allowed ciphers. # The default ciphers are the defaults of the JVM platform. #= #***************************************************************** # Logging configuration #***************************************************************** # To enable HTTP logging, uncomment this line #=true # Number of HTTP logs to keep. #.keep_number=5 # Size of each HTTP log that is kept. #=20m # To enable GC Logging, uncomment this line #=true # GC Logging Options # see /cd/E19957-01/819-0084-10/pt_tuningjava.html#wp57013 for more information. #=-XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintPromotionFailure -XX:+PrintTenuringDistribution # For Java 9 and newer GC Logging Options # see /javase/10/tools/#JSWOR-GUID-BE93ABDC-999C-4CB5-A88B-1994AAAC74D5 #=-Xlog:gc*,safepoint,age*=trace # Number of GC logs to keep. #.keep_number=5 # Size of each GC log that is kept. #=20m # Log level for the debug log. One of DEBUG, INFO, WARN and ERROR. Be aware that logging at DEBUG level can be very verbose. #=INFO # Size threshold for rotation of the debug log. If set to zero then no rotation will occur. Accepts a binary suffix "k", # "m" or "g". #=20m # Maximum number of history files for the internal log. #.keep_number=7 #***************************************************************** # Miscellaneous configuration #***************************************************************** # Enable this to specify a parser other than the default one. #cypher.default_language_version=3.0 # Determines if Cypher will allow using file URLs when loading data using # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` # clauses that load data from the file system. .allow_csv_import_from_file_urls=true # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS # connector. This defaults to '*', which allows broadest compatibility. Note # that any URI provided here limits HTTP/HTTPS access to that URI only. #.http_access_control_allow_origin=* # Value of the HTTP Strict-Transport-Security (HSTS) response header. This header # tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. # It is attached to every HTTPS response. Setting is not set by default so # 'Strict-Transport-Security' header is not sent. Value is expected to contain # directives like 'max-age', 'includeSubDomains' and 'preload'. #.http_strict_transport_security= # Retention policy for transaction logs needed to perform recovery and backups. dbms.tx_log.rotation.retention_policy=1 days # Only allow read operations from this Neo4j instance. This mode still requires # write access to the directory for lock purposes. dbms.read_only=false # Comma separated list of JAX-RS packages containing JAX-RS resources, one # package name for each mountpoint. The listed package names will be loaded # under the mountpoints specified. Uncomment this line to mount the # org. from # neo4j-server-examples under /examples/unmanaged, resulting in a final URL of # http://localhost:7474/examples/unmanaged/helloworld/{nodeId} #dbms.unmanaged_extension_classes=org.=/examples/unmanaged # A comma separated list of procedures and user defined functions that are allowed # full access to the database through unsupported/insecure internal APIs. #=,.* # A comma separated list of procedures to be loaded by default. # Leaving this unconfigured will load all procedures found. #=.*,.* #******************************************************************** # JVM Parameters #******************************************************************** # G1GC generally strikes a good balance between throughput and tail # latency, without too much tuning. =-XX:+UseG1GC # Have common exceptions keep producing stack traces, so they can be # debugged regardless of how often logs are rotated. =-XX:-OmitStackTraceInFastThrow # Make sure that `initmemory` is not only allocated, but committed to # the process, before starting the database. This reduces memory # fragmentation, increasing the effectiveness of transparent huge # pages. It also reduces the possibility of seeing performance drop # due to heap-growing GC events, where a decrease in available page # cache leads to an increase in mean IO response time. # Try reducing the heap memory, if this flag degrades performance. =-XX:+AlwaysPreTouch # Trust that non-static final fields are really final. # This allows more optimizations and improves overall performance. # NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or # serialization to change the value of final fields! =-XX:+UnlockExperimentalVMOptions =-XX:+TrustFinalNonStaticFields # Disable explicit garbage collection, which is occasionally invoked by the JDK itself. =-XX:+DisableExplicitGC # Remote JMX monitoring, uncomment and adjust the following lines as needed. Absolute paths to and # files are required. # Also make sure to update the and files with appropriate permission roles and passwords, # the shipped configuration contains only a read only role called 'monitor' with password 'Neo4j'. # For more details, see: /javase/8/docs/technotes/guides/management/ # On Unix based systems the file needs to be owned by the user that will run the server, # and have permissions set to 0600. # For details on setting these file permissions on Windows see: # /javase/8/docs/technotes/guides/management/ #=-=3637 #=-=true #=-=false #=-=/absolute/path/to/conf/ #=-=/absolute/path/to/conf/ # Some systems cannot discover host name automatically, and need this line configured: #=-=$THE_NEO4J_SERVER_HOSTNAME # Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes. # This is to protect the server from any potential passive eavesdropping. =-=2048 # This mitigates a DDoS vector. =-=true #******************************************************************** # Wrapper Windows NT/2000/XP Service Properties #******************************************************************** # WARNING - Do not modify any of these properties when an application # using this configuration file has been installed as a service. # Please uninstall the service before modifying this section. The # service can then be reinstalled. # Name of the service dbms.windows_service_name=neo4j #******************************************************************** # Other Neo4j system properties #******************************************************************** =-=tarball