Before continuing, we advise you to read chapter 4 "Configuration" of the pdf documentation (or online). In this part, we will give the configuration elements to properly set up a single Neo4j server for use by SECollab.
It is necessary to shut down the Neo4j database before making modifications. Depending on the type of installation, you must execute the command:
    systemctl stop neo4j.service
    NEO4J_HOME/bin/neo4j stop
    NEO4J_HOME/bin/neo4j.bat stop
The following parameters must be modified or added (if they do not exist) in the Neo4j configuration file neo4j.conf:

    # Recommended settings for 32GB memory
    dbms.memory.heap.initial_size=12g
    dbms.memory.heap.max_size=12g
    dbms.memory.pagecache.size=12g

    # Default connector settings
    dbms.default_listen_address=0.0.0.0
    dbms.connectors.default_advertised_address=SERVER-IP-OR-HOSTNAME

    # Bolt connector
    dbms.connector.bolt.enabled=true
    dbms.connector.bolt.tls_level=REQUIRED

    # Bolt SSL configuration
    dbms.ssl.policy.bolt.enabled=true

    # Disable http/https connectors
    dbms.connector.http.enabled=false
    dbms.connector.https.enabled=false
Some explanations:

dbms.default_listen_address=0.0.0.0: listening address of the connectors. Here 0.0.0.0 means listening on all network interfaces.

dbms.connectors.default_advertised_address=SERVER-IP-OR-HOSTNAME: address that will be used by the client to contact the server. You must replace "SERVER-IP-OR-HOSTNAME" with the DNS hostname or the IP address (accessible by SECollab) of the server.

dbms.ssl.policy.bolt.enabled=true: enables the SSL policy for the Bolt protocol. You then have to provide a private key and a public certificate inside the default directory: NEO4J_HOME/certificates/bolt.
By default, the private key is expected at NEO4J_HOME/certificates/bolt/private.key and the certificate at NEO4J_HOME/certificates/bolt/public.crt. It is possible to override those values with the following configuration:
    # Bolt SSL configuration
    dbms.ssl.policy.bolt.base_directory=/var/lib/neo4j/bolt/certificates
    dbms.ssl.policy.bolt.private_key=neo4j.key
    dbms.ssl.policy.bolt.public_certificate=neo4j.crt
If you wish, you can enable an HTTP(S) connector to access a simplified web interface for querying and managing the Neo4j database. As a safety precaution, we recommend using only the HTTPS connector, and for local use only. An example configuration:
    # HTTPS Connector. There can be zero or one HTTPS connectors.
    dbms.connector.https.enabled=true
    # Bind the HTTPS connector itself to the loopback interface
    dbms.connector.https.listen_address=127.0.0.1:7473
    dbms.connector.https.advertised_address=localhost:7473

    # Https SSL configuration
    dbms.ssl.policy.https.enabled=true
    dbms.ssl.policy.https.base_directory=/var/lib/neo4j/https/certificates
    dbms.ssl.policy.https.private_key=neo4j.key
    dbms.ssl.policy.https.public_certificate=neo4j.crt
With these settings, from the Neo4j server, you can access a web interface at the address https://localhost:7473.
For more details, see section 4.7 of the pdf documentation (or online).
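A check for the Bolt and HTTPS settings above, as an added example that is not part of the SECollab or Neo4j documentation: it parses neo4j.conf text and reports where the connector settings differ from the ones given on this page, including an HTTPS connector that is enabled but not bound to loopback. The function names, the constructed sample and the fallback to localhost when no default listen address is set are assumptions of this example.

```python
import ipaddress
# Values the page's Bolt-only listing sets; each must be present explicitly.
REQUIRED = {
    "dbms.connector.bolt.enabled": "true",
    "dbms.connector.bolt.tls_level": "REQUIRED",
    "dbms.ssl.policy.bolt.enabled": "true",
    "dbms.connector.http.enabled": "false",
}

def parse_conf(text):
    """Read key=value lines, skipping '#' comments (assumption: last value wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # any other hostname is treated as non-local

def audit(text):
    """Return findings; an empty list means the file matches the page's settings."""
    conf, findings = parse_conf(text), []
    for key, want in REQUIRED.items():
        if conf.get(key, "").lower() != want.lower():
            findings.append(f"{key} is {conf.get(key)!r}, expected {want}")
    if conf.get("dbms.connector.https.enabled", "false").lower() == "true":
        # No host part (":7473" or key absent): fall back to dbms.default_listen_address.
        addr = conf.get("dbms.connector.https.listen_address", "")
        host = addr.rpartition(":")[0] if ":" in addr else addr
        host = host or conf.get("dbms.default_listen_address", "localhost")  # assumed default
        if not is_loopback(host):
            findings.append(f"HTTPS connector listens on {host}, not loopback")
        if conf.get("dbms.ssl.policy.https.enabled", "").lower() != "true":
            findings.append("dbms.ssl.policy.https.enabled is not true")
    return findings

# Constructed sample: loopback address set on the http key, so HTTPS stays on 0.0.0.0.
SAMPLE = "\n".join(f"{k}={v}" for k, v in REQUIRED.items()) + """
dbms.default_listen_address=0.0.0.0
dbms.connector.https.enabled=true
dbms.connector.http.listen_address=127.0.0.1:7473
dbms.ssl.policy.https.enabled=true
"""
```

Calling audit() on the contents of neo4j.conf before restarting the service returns an empty list when the file matches; audit(SAMPLE) returns the single loopback finding.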
You can easily change the storage location of some Neo4j resources.
    # Paths of directories in the installation.
    dbms.directories.data=/var/lib/neo4j/data
    dbms.directories.plugins=/var/lib/neo4j/plugins
    dbms.ssl.policy.bolt.base_directory=/var/lib/neo4j/bolt/certificates
    dbms.ssl.policy.https.base_directory=/var/lib/neo4j/https/certificates
    dbms.directories.logs=/var/log/neo4j
For a SECollab demonstrator (POC, pre-production), 8GB of RAM is sufficient. In this case, using the Neo4j tool NEO4J_HOME/neo4j-admin memrec --memory=8g, the recommended configuration is as follows:
    administrator@neo4j-single:~$ neo4j-admin memrec --memory=8g
    # Memory settings recommendation from neo4j-admin memrec:
    ..
    # Based on the above, the following memory settings are recommended:
    dbms.memory.heap.initial_size=3600m
    dbms.memory.heap.max_size=3600m
    dbms.memory.pagecache.size=2g
For more information, please refer to the pdf documentation, sections 11.1 (or online) and 12.5 (or online).
To analyze performance issues, we recommend enabling the query log. For more details, see section 10.2.1 of the pdf documentation (or online).
Example to log queries taking more than 15 seconds to execute:
    # Enable query logging
    dbms.logs.query.enabled=INFO
    dbms.logs.query.threshold=15s

    # Dump maximum detail about the slow query
    # Parameter logging writes query parameter values, which may include sensitive data, to the query log
    dbms.logs.query.parameter_logging_enabled=true
    dbms.logs.query.time_logging_enabled=true
    dbms.logs.query.allocation_logging_enabled=true
    dbms.logs.query.page_logging_enabled=true
NEO4J_HOME/conf/neo4j.conf:

    # Enable this to be able to upgrade a store from an older version.
    dbms.allow_upgrade=true
Make sure you have properly created a backup of your database before upgrading your 3.5.x database. That means creating a copy of the directory configured with dbms.directories.data.
A complete and detailed reference of the configuration file can be found in Appendix A.1 of the pdf documentation (or online).
To apply the changes made to the configuration file, restart the Neo4j database. Depending on the type of installation, you must execute the command:
    systemctl start neo4j.service
    NEO4J_HOME/bin/neo4j start
    NEO4J_HOME/bin/neo4j.bat start