Deploy Neo4j on AWS EC2 with Docker, Nginx, and SSL
This guide details how to host a production-ready Neo4j Community Edition database on an Ubuntu EC2 instance using Docker Compose, Nginx as a reverse proxy, and Let's Encrypt for SSL.
🛑 Prerequisites: AWS Security Groups
Before connecting to your instance, ensure your EC2 Security Group has the following Inbound Rules configured:
| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH | TCP | 22 | Your IP | For server access |
| HTTP | TCP | 80 | 0.0.0.0/0 | For Nginx (Certbot) |
| HTTPS | TCP | 443 | 0.0.0.0/0 | For Nginx (Browser UI) |
| Custom TCP | TCP | 7687 | 0.0.0.0/0 | Bolt Protocol (App connection) |
1. Server Setup & Docker Installation
Connect to your instance via SSH and run the following commands to update the OS and install Docker.
Update & Install Essentials
```bash
sudo apt update && sudo apt install -y nginx ca-certificates curl gnupg
```
Add Docker Repository
```bash
# Create keyrings directory
sudo install -m 0755 -d /etc/apt/keyrings
# Download Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Set permissions
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Set up repository
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
Install & Start Docker
```bash
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Enable and start Docker
sudo systemctl enable docker
sudo systemctl start docker
```
2. Project Setup
Create a directory to house your Neo4j configuration and data.
```bash
mkdir neo4j-server
cd neo4j-server
```
Create Environment File
Store your credentials securely.
```bash
nano .env
```
Paste the following (Change the password):
```bash
# Format: neo4j/your_password
NEO4J_AUTH=neo4j/your_secure_password_here
```
Create Docker Compose File
```bash
nano docker-compose.yml
```
Paste the following:
```yaml
services:
  neo4j:
    image: neo4j:community
    restart: always
    ports:
      - "7474:7474" # HTTP (Proxied via Nginx)
      - "7687:7687" # Bolt (Direct connection)
    environment:
      - NEO4J_AUTH=${NEO4J_AUTH}
    volumes:
      - ./data:/data
      - ./logs:/logs
      - ./conf:/conf
      - ./plugins:/plugins
    # Increase file limits for Neo4j performance
    ulimits:
      nofile:
        soft: 40000
        hard: 40000
```
Start the Database
```bash
sudo docker compose up -d
```
3. Configure Nginx (Reverse Proxy)
This allows access to the Neo4j Browser via https://db.yourdomain.com instead of using the IP address.
Note: Ensure your domain points to the EC2 IP address in Route 53 (or your DNS provider).
```bash
sudo nano /etc/nginx/sites-available/db.yourdomain.com
```
Paste the configuration:
(Replace db.yourdomain.com with your actual domain)
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name db.yourdomain.com;

    # Allow larger imports via browser
    client_max_body_size 100M;

    location / {
        proxy_pass http://127.0.0.1:7474;

        # Standard Headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket Support (Required for Neo4j Browser)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
Enable Site & Restart Nginx
```bash
sudo ln -s /etc/nginx/sites-available/db.yourdomain.com /etc/nginx/sites-enabled/
sudo rm -rf /etc/nginx/sites-enabled/default
sudo service nginx restart
```
4. SSL Certificate (HTTPS)
Secure the browser connection using Certbot.
```bash
# Install Certbot
sudo apt install certbot python3-certbot-nginx -y
# Obtain Certificate
sudo certbot --nginx -d db.yourdomain.com
```
5. How to Connect
1. Neo4j Browser (UI)
- URL: https://db.yourdomain.com
- Username: `neo4j`
- Password: (The password set in your .env file)
2. Application Connection (Bolt)
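When connecting from Node.js, Python, Java, etc., use the Bolt protocol. This connects directly to the Docker container via port 7687 and does not pass through Nginx, so the certificate obtained in step 4 does not apply to this connection.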
- URI: `bolt://db.yourdomain.com:7687`
- Auth: Basic (`neo4j`, `your_password`)
6. Troubleshooting
If you cannot connect via Bolt:
- Check that Port 7687 is open in your AWS Security Group.
- Ensure `docker compose` is running: `sudo docker compose ps`
- Check logs: `sudo docker compose logs -f`
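To see which ports this setup actually leaves reachable, the script below cross-references the `ports:` entries from docker-compose.yml with the Security Group table. It is an added example, not part of the original guide; the `203.0.113.10/32` source standing in for "Your IP", the loopback variant of the port list, and the function names are assumptions made for illustration.

```python
import ipaddress

# Inbound rules from the guide's Security Group table as (port, source CIDR).
# 203.0.113.10/32 is a constructed placeholder for "Your IP".
SG_RULES = [(22, "203.0.113.10/32"), (80, "0.0.0.0/0"),
            (443, "0.0.0.0/0"), (7687, "0.0.0.0/0")]

# "ports:" entries from the guide's docker-compose.yml.
GUIDE_PORTS = ["7474:7474", "7687:7687"]
# Constructed variant: publish 7474 on loopback only, where Nginx reaches it.
LOOPBACK_PORTS = ["127.0.0.1:7474:7474", "7687:7687"]


def parse_port(entry):
    """Parse Compose short syntax '[HOST_IP:]HOST_PORT:CONTAINER_PORT[/proto]'.

    Returns (host_ip, host_port). Handles single ports only; an entry
    without a host port raises ValueError.
    """
    spec = entry.split("/")[0]
    host_part, sep, _container_port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"no host port in {entry!r}")
    host_ip, _, host_port = host_part.rpartition(":")
    # Without HOST_IP, Docker by default publishes the port on every interface.
    return host_ip.strip("[]") or "0.0.0.0", int(host_port)


def exposure(compose_ports, sg_rules):
    """Map each published host port to how far it is reachable."""
    world_open = {port for port, cidr in sg_rules
                  if ipaddress.ip_network(cidr).prefixlen == 0}
    result = {}
    for entry in compose_ports:
        host_ip, port = parse_port(entry)
        if ipaddress.ip_address(host_ip).is_loopback:
            result[port] = "loopback only"
        elif port in world_open:
            result[port] = "reachable from the internet"
        else:
            result[port] = "all interfaces, filtered only by the Security Group"
    return result


if __name__ == "__main__":
    for label, ports in (("guide", GUIDE_PORTS), ("loopback", LOOPBACK_PORTS)):
        for port, verdict in exposure(ports, SG_RULES).items():
            print(f"{label:9} {port}: {verdict}")
```

With the guide's compose file, port 7474 stays private only as long as the Security Group never gains a rule for it. Because Nginx proxies to 127.0.0.1:7474, publishing that port on loopback keeps the browser UI working without that dependency.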
Top comments (1)
This post clearly walks through deploying Neo4j Community on EC2 with Docker, wiring it behind Nginx, securing it with Let's Encrypt SSL, and exposing both browser and Bolt access—really appreciate the concise, production-focused setup and troubleshooting tips.