The latest articles on DEV Community by Anand Lahoti (@foundanand). https://dev.to/foundanand https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1612732%2F15fa1b20-bac4-4dd8-b20e-af147ef04e8a.png https://dev.to/foundanand en Anand Lahoti Thu, 20 Nov 2025 13:36:28 +0000 https://dev.to/foundanand/how-to-host-neo4j-on-ec2-using-docker-2dem https://dev.to/foundanand/how-to-host-neo4j-on-ec2-using-docker-2dem <h2> Deploy Neo4j on AWS EC2 with Docker, Nginx, and SSL </h2> <p>This guide details how to host a production-ready <strong>Neo4j Community Edition</strong> database on an Ubuntu EC2 instance using Docker Compose, Nginx as a reverse proxy, and Let's Encrypt for SSL.</p> <h2> 🛑 Prerequisites: AWS Security Groups </h2> <p>Before connecting to your instance, ensure your <strong>EC2 Security Group</strong> has the following Inbound Rules configured:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Protocol</th> <th>Port Range</th> <th>Source</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>SSH</strong></td> <td>TCP</td> <td>22</td> <td>Your IP</td> <td>For server access</td> </tr> <tr> <td><strong>HTTP</strong></td> <td>TCP</td> <td>80</td> <td>0.0.0.0/0</td> <td>For Nginx (Certbot)</td> </tr> <tr> <td><strong>HTTPS</strong></td> <td>TCP</td> <td>443</td> <td>0.0.0.0/0</td> <td>For Nginx (Browser UI)</td> </tr> <tr> <td><strong>Custom TCP</strong></td> <td>TCP</td> <td>7687</td> <td>0.0.0.0/0</td> <td> <strong>Bolt Protocol</strong> (App connection)</td> </tr> </tbody> </table></div> <h2> 1. Server Setup &amp; Docker Installation </h2> <p>Connect to your instance via SSH and run the following commands to update the OS and install Docker.</p> <h3> Update &amp; Install Essentials </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nginx ca-certificates curl gnupg </code></pre> </div> <h3> Add Docker Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create keyrings directory</span> <span class="nb">sudo install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings <span class="c"># Download Docker GPG key</span> curl <span class="nt">-fsSL</span> <span class="o">[</span>https://download.docker.com/linux/ubuntu/gpg]<span class="o">(</span>https://download.docker.com/linux/ubuntu/gpg<span class="o">)</span> | <span class="nb">sudo </span>gpg <span class="nt">--dearmor</span> <span class="nt">-o</span> /etc/apt/keyrings/docker.gpg <span class="c"># Set permissions</span> <span class="nb">sudo chmod </span>a+r /etc/apt/keyrings/docker.gpg <span class="c"># Set up repository</span> <span class="nb">echo</span> <span class="se">\</span> <span class="s2">"deb [arch=</span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> signed-by=/etc/apt/keyrings/docker.gpg] [https://download.docker.com/linux/ubuntu](https://download.docker.com/linux/ubuntu) </span><span class="se">\</span><span class="s2"> </span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> stable"</span> | <span class="nb">sudo tee</span> /etc/apt/sources.list.d/docker.list <span class="o">&gt;</span> /dev/null </code></pre> </div> <h3> Install &amp; Start Docker </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin <span class="c"># Enable and start Docker</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>docker <span class="nb">sudo </span>systemctl start docker </code></pre> </div> <h2> 2. Project Setup </h2> <p>Create a directory to house your Neo4j configuration and data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>neo4j-server <span class="nb">cd </span>neo4j-server </code></pre> </div> <h3> Create Environment File </h3> <p>Store your credentials securely.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nano .env </code></pre> </div> <p><strong>Paste the following (Change the password):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Format: neo4j/your_password NEO4J_AUTH=neo4j/your_secure_password_here </code></pre> </div> <h3> Create Docker Compose File </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nano docker-compose.yml </code></pre> </div> <p><strong>Paste the following:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">neo4j</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">neo4j:community</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">7474:7474"</span> <span class="c1"># HTTP (Proxied via Nginx)</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">7687:7687"</span> <span class="c1"># Bolt (Direct connection)</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NEO4J_AUTH=${NEO4J_AUTH}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/data</span> <span class="pi">-</span> <span class="s">./logs:/logs</span> <span class="pi">-</span> <span class="s">./conf:/conf</span> <span class="pi">-</span> <span class="s">./plugins:/plugins</span> <span class="c1"># Increase file limits for Neo4j performance</span> <span class="na">ulimits</span><span class="pi">:</span> <span class="na">nofile</span><span class="pi">:</span> <span class="na">soft</span><span class="pi">:</span> <span class="m">40000</span> <span class="na">hard</span><span class="pi">:</span> <span class="m">40000</span> </code></pre> </div> <h3> Start the Database </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <h2> 3. Configure Nginx (Reverse Proxy) </h2> <p>This allows access to the Neo4j Browser via <code>https://db.yourdomain.com</code> instead of using the IP address.</p> <blockquote> <p><strong>Note:</strong> Ensure your domain points to the EC2 IP address in Route 53 (or your DNS provider).<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/nginx/sites-available/db.yourdomain.com </code></pre> </div> <p><strong>Paste the configuration:</strong><br> <em>(Replace <code>db.yourdomain.com</code> with your actual domain)</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">listen</span> <span class="s">[::]:80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">db.yourdomain.com</span><span class="p">;</span> <span class="c1"># Allow larger imports via browser</span> <span class="kn">client_max_body_size</span> <span class="mi">100M</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">[http://127.0.0.1:7474](http://127.0.0.1:7474)</span><span class="p">;</span> <span class="c1"># Standard Headers</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="c1"># WebSocket Support (Required for Neo4j Browser)</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">"upgrade"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Enable Site &amp; Restart Nginx </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/db.yourdomain.com /etc/nginx/sites-enabled/ <span class="nb">sudo rm</span> <span class="nt">-rf</span> /etc/nginx/sites-enabled/default <span class="nb">sudo </span>service nginx restart </code></pre> </div> <h2> 4. SSL Certificate (HTTPS) </h2> <p>Secure the browser connection using Certbot.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install Certbot</span> <span class="nb">sudo </span>apt <span class="nb">install </span>certbot python3-certbot-nginx <span class="nt">-y</span> <span class="c"># Obtain Certificate</span> <span class="nb">sudo </span>certbot <span class="nt">--nginx</span> <span class="nt">-d</span> db.yourdomain.com </code></pre> </div> <h2> 5. How to Connect </h2> <h3> 1. Neo4j Browser (UI) </h3> <ul> <li> <strong>URL:</strong> <code>https://db.yourdomain.com</code> </li> <li> <strong>Username:</strong> <code>neo4j</code> </li> <li> <strong>Password:</strong> <em>(The password set in your .env file)</em> </li> </ul> <h3> 2. Application Connection (Bolt) </h3> <p>When connecting from Node.js, Python, Java, etc., use the Bolt protocol. This connects directly to the Docker container via port 7687.</p> <ul> <li> <strong>URI:</strong> <code>bolt://db.yourdomain.com:7687</code> </li> <li> <strong>Auth:</strong> Basic (<code>neo4j</code>, <code>your_password</code>)</li> </ul> <h2> 6. Troubleshooting </h2> <p>If you cannot connect via Bolt:</p> <ol> <li>Check that <strong>Port 7687</strong> is open in your AWS Security Group.</li> <li>Ensure <code>docker compose</code> is running: <code>sudo docker compose ps</code> </li> <li>Check logs: <code>sudo docker compose logs -f</code> </li> </ol> neo4j aws docker cloud