Hi I am new to Neo4J i am searching from 2 days for access Neo4J every one through URL of public.
In settings of neo4j configuration file some modifications i done those are
dbms.connectors.default_listen_address=0.0.0.0
dbms.connector.http.listen_address=:7474
I got the access for only with in router level means ip4 address level i got but i want to give access to every one.
Because i am using Asp.MVC with script and Neo4jAPI. I installed Neo4j in separate server and app published in separate server i want access the Neo4JAPI
Setting an external public IP is a function of the router managing the connections. If this is a corporate setup, ask the administrator. If this is a personal setup, you will need to do a bunch of things, such as:
Setup a local HTTP server
Allow inbound traffic on port 80
Setup a DNS service
Setup an SSH server
Forward requests on your router to your computer for different ports
This is highly risky and you could be open to problems if you're not careful. A better approach would be to use a public service like AWS to host your application.
Related
I am working on an automation project
I have a local server inside adobe cep. It's a node js/express server.
I want to be able to send an API request to that server from a cloud server.
How can I connect my local server to the web so I can run an HTTPS request that will arrive at my local server?
Thank you very much for helping with this
I didn't really know where to start with this, searched online but didn't get any results yet
This is a two steps configuration, you want to call a local server from the cloud, so:
first of all you need to know your IP (if dynamic it may change)
or you want to use a service like dynDNS so you can associate an ip (192.1.2.3) or an URL (http://myLocalserver) that is callable from the web.
Additionally, you need to setup the port forwarding in your rooter configuration so you can connect your local server (localhost:4200 for instance) to http://myLocalserver:4200
Would love to get peoples thoughts on this.
I have a front-end application that lives on the apple store. It interacts with custom JavaScript APIs that we've built and that are deployed on an EKS cluster. The cluster and the EC2 instances of the cluster live in private subnets in AWS, but are exposed to the world through an application load balancer that lives in a public subnet.
Since the front end application lives on apples servers, I can't think of an easy way to securely access the APIs in AWS without exposing them to the world. This is what I have in mind:
Use API keys. Not ideal as the keys could still potentially be scraped from a header
Restrict access to the APIs to the apple server network via ACLs and security groups. Again, not something that seems achievable since there is no network CIDR that apple provide (that I know of)
Set up some sort of SSH tunnel
I've hit a wall on this and would really appreciate anyones thoughts if they've had a similar issue.
Thanks!
In Google CDP you can have another type of ACL which monitors the client URL. If requests wont come from your.frontend.app, they are denied. Check if you can find that in AWS as well
I recommend to further think about if possible in you project:
1.) CSRF strategy. Apply tokens to clients which must be provided on request to API.
2.) AccessLimiter. Maintain Fingerprint or Session for your clients and count/limit requests as you need. E.g. if the request didnt run through an index file before, no request is possible as clients didnt collect a token.
I searched for a few options on my issue but couldn't find any useful information unfortunately.
Here is my issue:
Suppose I have 1x computer that runs a rest service on a specific port lets say 5555, running in a private network.
Now I have a frontend/browser application (javascript) that could be opened with a mobile phone or computer. When a device is connected to the same network (suppose wireless) and opens the frontend application it should discover in any way the rest service of the other computer, but I can't find a solution to that challenge.
So I can't find the sevices' ipv4 in the network since the webRTC workaround got smashed. I would have to traverse all possible private ip ranges to find that running service, which seems like an overkill.
Anyone got any idea how to solve this challenge?
Most web apps actually use the port-scan approach, which you are trying to avoid. I could think of some other approaches:
Have the service also publish an mDNS service under a specific name, e.g. foo.local. Your web app can simply have a static configuration using that hostname. This will, hovewer, require you to be able to control the service and your network/host need to be capable of using mDNS.
Require the admin of the service to register the local IP adress in a public DNS server. This will require manual config of the URL in the web app, but you can at least avoid dealing with discovering the address.
What you are talking about is sort of network scan, which is a security issue if you can do it, though it is usually possible in home networks. I would add a DNS server for that local network and use a local domain name to access the service. I don't know any other standard way to propagate where the service is.
I have a neo4j desktop (1.4.3) database on my Windows PC. in an html code, I am connectecting to the DB using
const driver = neo4j.driver("bolt://IP_ADDRESS:7687", neo4j.auth.basic("neo4j", "PASSWORD"));
After that I query the DB and display the results on the web page (I use leafletjs maps, but this is not the issue)
var session = driver.session();
session
.run(`MATCH....etc.... return ....
`)
.subscribe({
...... etc
Everything is fine so far. I run the page on my PC or from another PC in my home network, everything is fine. The setting of neo4j is (dbms.default_listen_address=0.0.0.0) no issues there.
The question is how do I expose this page to the colleagues outside my network?
Using noip.com, I got a temporary domain mapped to my external IP.
I also configured the router to forward port 80.
But when the page Javascript gets loaded on an external client, it tries to connect to neo4j on that client. When I put the external IP addtess in "const driver ..." the connection does not work.
How do I make the connection to the DB from my server, but the queries to the DB come from the client who loaded the Javascript?
Edit: Forgot to mention that I am also using Apache Web Server (Xampp) to serve the page to remote users.
A simple architecture that does what you want, plus mitigates the risk of opening up your database to everyone uses a HTTP server + API that are accessible via your noip provider.
Your public facing frontend (HTML + JavaScript (for making API calls etc)) makes the HTTP(s) calls to your publicly accessible API (for example a nodejs server) to make the database calls. Cypher/a direct database connection to neo has no place in your users' browsers.
You can also use a starter like the GRANDstack.
I'm running integration tests on several AWS Lambda's and I need a way to route API calls to a dummy express server on my local machine. Normally I would just change the url's of the API calls, but the urls are generated in projects that are not apart of this and imported via npm, so hardcoding in a new url isn't practical.
My goal is to have these modules use the URL generated but have that routed to a dummy Express server that I'am running where I will have prepackaged responses so I can test the functionality of these lambdas. For example there is a request for an authorization token from an outside service. Instead of requesting from the actual service it would be routed to my local express server which would just provide a static authorization token. There is then another point where that token is verified and I would again hope that this would get routed to the same server (though in reality it's a different service) and it would verify the token.
Ultimately I will have this dummy Express server, a DynamoDB, and SQS, running on docker containers locally to essentially imitate this software running live.
I've seen that docker can route traffic, but I'm not sure if what I'm attempting to do will be possible. I've googled around but most of the stuff I have found seems a bit more simple then what I'm attempting.