██FR█████ █INTELL███████████

How to host Neo4J on EC2 using Docker


This content originally appeared on DEV Community and was authored by Anand Lahoti

Deploy Neo4j on AWS EC2 with Docker, Nginx, and SSL

This guide details how to host a production-ready Neo4j Community Edition database on an Ubuntu EC2 instance using Docker Compose, Nginx as a reverse proxy, and Let’s Encrypt for SSL.

🛑 Prerequisites: AWS Security Groups

Before connecting to your instance, ensure your EC2 Security Group has the following Inbound Rules configured:

Type Protocol Port Range Source Description
SSH TCP 22 Your IP For server access
HTTP TCP 80 0.0.0.0/0 For Nginx (Certbot)
HTTPS TCP 443 0.0.0.0/0 For Nginx (Browser UI)
Custom TCP TCP 7687 0.0.0.0/0 Bolt Protocol (App connection)

1. Server Setup & Docker Installation

Connect to your instance via SSH and run the following commands to update the OS and install Docker.

Update & Install Essentials 

sudo apt update && sudo apt install -y nginx ca-certificates curl gnupg

Add Docker Repository 

# Create keyrings directory
sudo install -m 0755 -d /etc/apt/keyrings

# Download Docker GPG key
curl -fsSL [https://download.docker.com/linux/ubuntu/gpg](https://download.docker.com/linux/ubuntu/gpg) | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

# Set permissions
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Set up repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] [https://download.docker.com/linux/ubuntu](https://download.docker.com/linux/ubuntu) \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install & Start Docker 

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Enable and start Docker
sudo systemctl enable docker
sudo systemctl start docker

2. Project Setup

Create a directory to house your Neo4j configuration and data.

mkdir neo4j-server
cd neo4j-server

Create Environment File

Store your credentials securely.

nano .env

Paste the following (Change the password):

# Format: neo4j/your_password
NEO4J_AUTH=neo4j/your_secure_password_here

Create Docker Compose File 

nano docker-compose.yml

Paste the following:

services:
  neo4j:
    image: neo4j:community
    restart: always
    ports:
      - "7474:7474" # HTTP (Proxied via Nginx)
      - "7687:7687" # Bolt (Direct connection)
    environment:
      - NEO4J_AUTH=${NEO4J_AUTH}
    volumes:
      - ./data:/data
      - ./logs:/logs
      - ./conf:/conf
      - ./plugins:/plugins
    # Increase file limits for Neo4j performance
    ulimits:
      nofile:
        soft: 40000
        hard: 40000

Start the Database 

sudo docker compose up -d

3. Configure Nginx (Reverse Proxy)

This allows access to the Neo4j Browser via https://db.yourdomain.com instead of using the IP address.

Note: Ensure your domain points to the EC2 IP address in Route 53 (or your DNS provider).

sudo nano /etc/nginx/sites-available/db.yourdomain.com

Paste the configuration:
(Replace db.yourdomain.com with your actual domain)

server {
    listen 80;
    listen [::]:80;
    server_name db.yourdomain.com;

    # Allow larger imports via browser
    client_max_body_size 100M;

    location / {
        proxy_pass [http://127.0.0.1:7474](http://127.0.0.1:7474);

        # Standard Headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket Support (Required for Neo4j Browser)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Enable Site & Restart Nginx 

sudo ln -s /etc/nginx/sites-available/db.yourdomain.com /etc/nginx/sites-enabled/
sudo rm -rf /etc/nginx/sites-enabled/default
sudo service nginx restart

4. SSL Certificate (HTTPS)

Secure the browser connection using Certbot.

# Install Certbot
sudo apt install certbot python3-certbot-nginx -y

# Obtain Certificate
sudo certbot --nginx -d db.yourdomain.com

5. How to Connect

1. Neo4j Browser (UI)

  • URL: https://db.yourdomain.com
  • Username: neo4j
  • Password: (The password set in your .env file)

2. Application Connection (Bolt)

When connecting from Node.js, Python, Java, etc., use the Bolt protocol. This connects directly to the Docker container via port 7687.

  • URI: bolt://db.yourdomain.com:7687
  • Auth: Basic (neo4j, your_password)

6. Troubleshooting

If you cannot connect via Bolt:

  1. Check that Port 7687 is open in your AWS Security Group.
  2. Ensure docker compose is running: sudo docker compose ps
  3. Check logs: sudo docker compose logs -f


This content originally appeared on DEV Community and was authored by Anand Lahoti