Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #*****************************************************************
- # Neo4j configuration
- #
- # For more details and a complete list of settings, please see
- # https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/
- #*****************************************************************
- # The name of the default database.
- #dbms.default_database=neo4j
- # Paths of directories in the installation.
- #dbms.directories.data=data
- #dbms.directories.plugins=plugins
- #dbms.directories.logs=logs
- #dbms.directories.lib=lib
- #dbms.directories.run=run
- #dbms.directories.licenses=licenses
- #dbms.directories.metrics=metrics
- #dbms.directories.transaction.logs.root=data/transactions
- #dbms.directories.dumps.root=data/dumps
- # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to
- # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
- # `LOAD CSV` section of the manual for details.
- dbms.directories.import=import
- # Whether requests to Neo4j are authenticated.
- # To disable authentication, uncomment this line
- dbms.security.auth_enabled=true
- # Enable this to be able to upgrade a store from an older version.
- #dbms.allow_upgrade=true
- # Number of databases in Neo4j is limited.
- # To change this limit please uncomment and adapt following setting:
- # dbms.max_databases=100
- # Enable online backups to be taken from this database.
- #dbms.backup.enabled=true
- # By default the backup service will only listen on localhost.
- # To enable remote backups you will have to bind to an external
- # network interface (e.g. 0.0.0.0 for all interfaces).
- # The protocol running varies depending on deployment. In a Causal Clustering environment this is the
- # same protocol that runs on causal_clustering.transaction_listen_address.
- #dbms.backup.listen_address=0.0.0.0:6362
- #********************************************************************
- # Memory Settings
- #********************************************************************
- #
- # Memory settings are specified kilobytes with the 'k' suffix, megabytes with
- # 'm' and gigabytes with 'g'.
- # If Neo4j is running on a dedicated server, then it is generally recommended
- # to leave about 2-4 gigabytes for the operating system, give the JVM enough
- # heap to hold all your transaction state and query context, and then leave the
- # rest for the page cache.
- # Java Heap Size: by default the Java heap size is dynamically calculated based
- # on available system resources. Uncomment these lines to set specific initial
- # and maximum heap size.
- dbms.memory.heap.initial_size=1G
- dbms.memory.heap.max_size=2G
- # The amount of memory to use for mapping the store files.
- # The default page cache memory assumes the machine is dedicated to running
- # Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.
- dbms.memory.pagecache.size=1G
- # Limit the amount of memory that all of the running transaction can consume.
- # By default there is no limit.
- #dbms.memory.transaction.global_max_size=256m
- # Limit the amount of memory that a single transaction can consume.
- # By default there is no limit.
- #dbms.memory.transaction.max_size=16m
- # Transaction state location. It is recommended to use ON_HEAP.
- dbms.tx_state.memory_allocation=ON_HEAP
- #*****************************************************************
- # Network connector configuration
- #*****************************************************************
- # With default configuration Neo4j only accepts local connections.
- # To accept non-local connections, uncomment this line:
- #dbms.default_listen_address=0.0.0.0
- # You can also choose a specific network interface, and configure a non-default
- # port for each connector, by setting their individual listen_address.
- # The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or
- # it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for
- # individual connectors below.
- #dbms.default_advertised_address=localhost
- # You can also choose a specific advertised hostname or IP address, and
- # configure an advertised port for each connector, by setting their
- # individual advertised_address.
- # By default, encryption is turned off.
- # To turn on encryption, an ssl policy for the connector needs to be configured
- # Read more in SSL policy section in this file for how to define a SSL policy.
- # Bolt connector
- dbms.connector.bolt.enabled=true
- dbms.connector.bolt.thread_pool_min_size=10
- dbms.connector.bolt.thread_pool_max_size=100
- dbms.connector.bolt.thread_pool_keep_alive=10m
- #dbms.connector.bolt.tls_level=DISABLED
- #dbms.connector.bolt.listen_address=:7687
- #dbms.connector.bolt.advertised_address=:7687
- # HTTP Connector. There can be zero or one HTTP connectors.
- dbms.connector.http.enabled=true
- #dbms.connector.http.listen_address=:7474
- #dbms.connector.http.advertised_address=:7474
- # HTTPS Connector. There can be zero or one HTTPS connectors.
- dbms.connector.https.enabled=false
- #dbms.connector.https.listen_address=:7473
- #dbms.connector.https.advertised_address=:7473
- # Cluster Routing Connector. Enables the opening of an additional port to allow
- # for internal communication using the same security configuration as CLUSTER
- #dbms.routing.enabled=false
- # Customize the listen address and advertised address used for the routing connector.
- #dbms.routing.listen_address=0.0.0.0:7688
- #dbms.routing.advertised_address=:7688
- # Number of Neo4j worker threads.
- dbms.threads.worker_count=10
- #*****************************************************************
- # SSL policy configuration
- #*****************************************************************
- # Each policy is configured under a separate namespace, e.g.
- # dbms.ssl.policy.<scope>.*
- # <scope> can be any of 'bolt', 'https', 'cluster' or 'backup'
- #
- # The scope is the name of the component where the policy will be used
- # Each component where the use of an ssl policy is desired needs to declare at least one setting of the policy.
- # Allowable values are 'bolt', 'https', 'cluster' or 'backup'.
- # E.g if bolt and https connectors should use the same policy, the following could be declared
- # dbms.ssl.policy.bolt.base_directory=certificates/default
- # dbms.ssl.policy.https.base_directory=certificates/default
- # However, it's strongly encouraged to not use the same key pair for multiple scopes.
- #
- # N.B: Note that a connector must be configured to support/require
- # SSL/TLS for the policy to actually be utilized.
- #
- # see: dbms.connector.*.tls_level
- # SSL settings (dbms.ssl.policy.<scope>.*)
- # .base_directory Base directory for SSL policies paths. All relative paths within the
- # SSL configuration will be resolved from the base dir.
- #
- # .private_key A path to the key file relative to the '.base_directory'.
- #
- # .private_key_password The password for the private key.
- #
- # .public_certificate A path to the public certificate file relative to the '.base_directory'.
- #
- # .trusted_dir A path to a directory containing trusted certificates.
- #
- # .revoked_dir Path to the directory with Certificate Revocation Lists (CRLs).
- #
- # .verify_hostname If true, the server will verify the hostname that the client uses to connect with. In order
- # for this to work, the server public certificate must have a valid CN and/or matching
- # Subject Alternative Names.
- #
- # .client_auth How the client should be authorized. Possible values are: 'none', 'optional', 'require'.
- #
- # .tls_versions A comma-separated list of allowed TLS versions. By default only TLSv1.2 is allowed.
- #
- # .trust_all Setting this to 'true' will ignore the trust truststore, trusting all clients and servers.
- # Use of this mode is discouraged. It would offer encryption but no security.
- #
- # .ciphers A comma-separated list of allowed ciphers. The default ciphers are the defaults of
- # the JVM platform.
- # Bolt SSL configuration
- #dbms.ssl.policy.bolt.enabled=true
- #dbms.ssl.policy.bolt.base_directory=certificates/bolt
- #dbms.ssl.policy.bolt.private_key=private.key
- #dbms.ssl.policy.bolt.public_certificate=public.crt
- #dbms.ssl.policy.bolt.client_auth=NONE
- # Https SSL configuration
- #dbms.ssl.policy.https.enabled=true
- #dbms.ssl.policy.https.base_directory=certificates/https
- #dbms.ssl.policy.https.private_key=private.key
- #dbms.ssl.policy.https.public_certificate=public.crt
- #dbms.ssl.policy.https.client_auth=NONE
- # Cluster SSL configuration
- #dbms.ssl.policy.cluster.enabled=true
- #dbms.ssl.policy.cluster.base_directory=certificates/cluster
- #dbms.ssl.policy.cluster.private_key=private.key
- #dbms.ssl.policy.cluster.public_certificate=public.crt
- # Backup SSL configuration
- #dbms.ssl.policy.backup.enabled=true
- #dbms.ssl.policy.backup.base_directory=certificates/backup
- #dbms.ssl.policy.backup.private_key=private.key
- #dbms.ssl.policy.backup.public_certificate=public.crt
- #*****************************************************************
- # Logging configuration
- #*****************************************************************
- # To enable HTTP logging, uncomment this line
- #dbms.logs.http.enabled=true
- # Number of HTTP logs to keep.
- #dbms.logs.http.rotation.keep_number=5
- # Size of each HTTP log that is kept.
- #dbms.logs.http.rotation.size=20m
- # To enable GC Logging, uncomment this line
- #dbms.logs.gc.enabled=true
- # GC Logging Options
- # see https://docs.oracle.com/en/java/javase/11/tools/java.html#GUID-BE93ABDC-999C-4CB5-A88B-1994AAAC74D5
- #dbms.logs.gc.options=-Xlog:gc*,safepoint,age*=trace
- # Number of GC logs to keep.
- #dbms.logs.gc.rotation.keep_number=5
- # Size of each GC log that is kept.
- #dbms.logs.gc.rotation.size=20m
- # Log level for the debug log. One of DEBUG, INFO, WARN and ERROR. Be aware that logging at DEBUG level can be very verbose.
- dbms.logs.debug.level=DEBUG
- # Size threshold for rotation of the debug log. If set to zero then no rotation will occur. Accepts a binary suffix "k",
- # "m" or "g".
- #dbms.logs.debug.rotation.size=20m
- # Maximum number of history files for the internal log.
- #dbms.logs.debug.rotation.keep_number=7
- # Log executed queries. One of OFF, INFO and VERBOSE. INFO logs queries longer than a given threshold, VERBOSE logs start and end of all queries.
- dbms.logs.query.enabled=VERBOSE
- # If the execution of query takes more time than this threshold, the query is logged. If set to zero then all queries
- # are logged. Only used if `dbms.logs.query.enabled` is set to INFO
- dbms.logs.query.threshold=0
- # The file size in bytes at which the query log will auto-rotate. If set to zero then no rotation will occur. Accepts a
- # binary suffix "k", "m" or "g".
- #dbms.logs.query.rotation.size=20m
- # Maximum number of history files for the query log.
- #dbms.logs.query.rotation.keep_number=7
- # Include parameters for the executed queries being logged (this is enabled by default).
- dbms.logs.query.parameter_logging_enabled=true
- # Uncomment this line to include detailed time information for the executed queries being logged:
- dbms.logs.query.time_logging_enabled=true
- # Uncomment this line to include bytes allocated by the executed queries being logged:
- dbms.logs.query.allocation_logging_enabled=true
- # Uncomment this line to include page hits and page faults information for the executed queries being logged:
- dbms.logs.query.page_logging_enabled=true
- # The security log is always enabled when `dbms.security.auth_enabled=true`, and resides in `logs/security.log`.
- # Log level for the security log. One of DEBUG, INFO, WARN and ERROR.
- #dbms.logs.security.level=INFO
- # Threshold for rotation of the security log.
- #dbms.logs.security.rotation.size=20m
- # Minimum time interval after last rotation of the security log before it may be rotated again.
- #dbms.logs.security.rotation.delay=300s
- # Maximum number of history files for the security log.
- #dbms.logs.security.rotation.keep_number=7
- #*****************************************************************
- # Causal Clustering Configuration
- #*****************************************************************
- # Uncomment and specify these lines for running Neo4j in Causal Clustering mode.
- # See the Causal Clustering documentation at https://neo4j.com/docs/ for details.
- # Database mode
- # Allowed values:
- # CORE - Core member of the cluster, part of the consensus quorum.
- # READ_REPLICA - Read replica in the cluster, an eventually-consistent read-only instance of the database.
- # To operate this Neo4j instance in Causal Clustering mode as a core member, uncomment this line:
- #dbms.mode=CORE
- # Expected number of Core servers in the cluster at formation
- #causal_clustering.minimum_core_cluster_size_at_formation=3
- # Minimum expected number of Core servers in the cluster at runtime.
- #causal_clustering.minimum_core_cluster_size_at_runtime=3
- # A comma-separated list of the address and port for which to reach all other members of the cluster. It must be in the
- # host:port format. For each machine in the cluster, the address will usually be the public ip address of that machine.
- # The port will be the value used in the setting "causal_clustering.discovery_listen_address".
- #causal_clustering.initial_discovery_members=localhost:5000,localhost:5001,localhost:5002
- # Host and port to bind the cluster member discovery management communication.
- # This is the setting to add to the collection of address in causal_clustering.initial_core_cluster_members.
- # Use 0.0.0.0 to bind to any network interface on the machine. If you want to only use a specific interface
- # (such as a private ip address on AWS, for example) then use that ip address instead.
- # If you don't know what value to use here, use this machines ip address.
- #causal_clustering.discovery_listen_address=:5000
- # Network interface and port for the transaction shipping server to listen on.
- # Please note that it is also possible to run the backup client against this port so always limit access to it via the
- # firewall and configure an ssl policy. If you want to allow for messages to be read from
- # any network on this machine, us 0.0.0.0. If you want to constrain communication to a specific network address
- # (such as a private ip on AWS, for example) then use that ip address instead.
- # If you don't know what value to use here, use this machines ip address.
- #causal_clustering.transaction_listen_address=:6000
- # Network interface and port for the RAFT server to listen on. If you want to allow for messages to be read from
- # any network on this machine, us 0.0.0.0. If you want to constrain communication to a specific network address
- # (such as a private ip on AWS, for example) then use that ip address instead.
- # If you don't know what value to use here, use this machines ip address.
- #causal_clustering.raft_listen_address=:7000
- # List a set of names for groups to which this server should belong. This
- # is a comma-separated list and names should only use alphanumericals
- # and underscore. This can be used to identify groups of servers in the
- # configuration for load balancing and replication policies.
- #
- # The main intention for this is to group servers, but it is possible to specify
- # a unique identifier here as well which might be useful for troubleshooting
- # or other special purposes.
- #causal_clustering.server_groups
- #*****************************************************************
- # Causal Clustering Load Balancing
- #*****************************************************************
- # N.B: Read the online documentation for a thorough explanation!
- # Selects the load balancing plugin that shall be enabled.
- #causal_clustering.load_balancing.plugin=server_policies
- ####### Examples for "server_policies" plugin #######
- # Will select all available servers as the default policy, which is the
- # policy used when the client does not specify a policy preference. The
- # default configuration for the default policy is all().
- #causal_clustering.load_balancing.config.server_policies.default=all()
- # Will select servers in groups 'group1' or 'group2' under the default policy.
- #causal_clustering.load_balancing.config.server_policies.default=groups(group1,group2)
- # Slightly more advanced example:
- # Will select servers in 'group1', 'group2' or 'group3', but only if there are at least 2.
- # This policy will be exposed under the name of 'mypolicy'.
- #causal_clustering.load_balancing.config.server_policies.mypolicy=groups(group1,group2,group3) -> min(2)
- # Below will create an even more advanced policy named 'regionA' consisting of several rules
- # yielding the following behaviour:
- #
- # select servers in regionA, if at least 2 are available
- # otherwise: select servers in regionA and regionB, if at least 2 are available
- # otherwise: select all servers
- #
- # The intention is to create a policy for a particular region which prefers
- # a certain set of local servers, but which will fallback to other regions
- # or all available servers as required.
- #
- # N.B: The following configuration uses the line-continuation character \
- # which allows you to construct an easily readable rule set spanning
- # several lines.
- #
- #causal_clustering.load_balancing.config.server_policies.policyA=\
- #groups(regionA) -> min(2);\
- #groups(regionA,regionB) -> min(2);
- # Note that implicitly the last fallback is to always consider all() servers,
- # but this can be prevented by specifying a halt() as the last rule.
- #
- #causal_clustering.load_balancing.config.server_policies.regionA_only=\
- #groups(regionA);\
- #halt();
- #*****************************************************************
- # Causal Clustering Additional Configuration Options
- #*****************************************************************
- # The following settings are used less frequently.
- # If you don't know what these are, you don't need to change these from their default values.
- # Address and port that this machine advertises that it's RAFT server is listening at. Should be a
- # specific network address. If you are unsure about what value to use here, use this machine's ip address.
- #causal_clustering.raft_advertised_address=:7000
- # Address and port that this machine advertises that it's transaction shipping server is listening at. Should be a
- # specific network address. If you are unsure about what value to use here, use this machine's ip address.
- #causal_clustering.transaction_advertised_address=:6000
- # The time window within which the loss of the leader is detected and the first re-election attempt is held.
- # The window should be significantly larger than typical communication delays to make conflicts unlikely.
- #causal_clustering.leader_failure_detection_window=20s-23s
- # The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to
- # find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely.
- #causal_clustering.election_failure_detection_window=3s-6s
- # The time limit allowed for a new member to attempt to update its data to match the rest of the cluster.
- #causal_clustering.join_catch_up_timeout=10m
- # Maximum amount of lag accepted for a new follower to join the Raft group.
- #causal_clustering.join_catch_up_max_lag=10s
- # The size of the batch for streaming entries to other machines while trying to catch up another machine.
- #causal_clustering.catchup_batch_size=64
- # When to pause sending entries to other machines and allow them to catch up.
- #causal_clustering.log_shipping_max_lag=256
- # Retry time for log shipping to followers after a stall.
- #causal_clustering.log_shipping_retry_timeout=5s
- # Raft log pruning frequncy.
- #causal_clustering.raft_log_pruning_frequency=10m
- # The size to allow the raft log to grow before rotating.
- #causal_clustering.raft_log_rotation_size=250M
- # The name of a server_group whose members should be prioritized as leaders for the given database.
- # This does not guarantee that members of this group will be leader at all times, but the cluster
- # will attempt to transfer leadership to such a member when possible.
- # N.B. the final portion of this config key is dynamic and refers to the name of the database being configured.
- # You may specify multiple `causal_clustering.leadership_priority_group.<database-name>=<server-group>` pairs:
- #causal_clustering.leadership_priority_group.foo
- #causal_clustering.leadership_priority_group.neo4j
- # Which strategy to use when transferring database leaderships around a cluster.
- # This can be one of `equal_balancing` or `no_balancing`.
- # `equal_balancing` automatically ensures that each Core server holds the leader role for an equal number of databases.
- # `no_balancing` prevents any automatic balancing of the leader role.
- # Note that if a `leadership_priority_group` is specified for a given database,
- # the value of this setting will be ignored for that database.
- #causal_clustering.leadership_balancing=equal_balancing
- ### The following setting is relevant for Read Replica servers only.
- # The interval of pulling updates from Core servers.
- #causal_clustering.pull_interval=1s
- #********************************************************************
- # Security Configuration
- #********************************************************************
- # The authentication and authorization providers that contains both users and roles.
- # This can be one of the built-in `native` or `ldap` auth providers,
- # or it can be an externally provided plugin, with a custom name prefixed by `plugin`,
- # i.e. `plugin-<AUTH_PROVIDER_NAME>`.
- dbms.security.authentication_providers=native,plugin-com.neo4j.plugin.jwt.auth.JwtAuthPlugin
- dbms.security.authorization_providers=native,plugin-com.neo4j.plugin.jwt.auth.JwtAuthPlugin
- # The time to live (TTL) for cached authentication and authorization info when using
- # external auth providers (LDAP or plugin). Setting the TTL to 0 will
- # disable auth caching.
- #dbms.security.auth_cache_ttl=10m
- # The maximum capacity for authentication and authorization caches (respectively).
- #dbms.security.auth_cache_max_capacity=10000
- # Set to log successful authentication events to the security log.
- # If this is set to `false` only failed authentication events will be logged, which
- # could be useful if you find that the successful events spam the logs too much,
- # and you do not require full auditing capability.
- #dbms.security.log_successful_authentication=true
- #================================================
- # LDAP Auth Provider Configuration
- #================================================
- # URL of LDAP server to use for authentication and authorization.
- # The format of the setting is `<protocol>://<hostname>:<port>`, where hostname is the only required field.
- # The supported values for protocol are `ldap` (default) and `ldaps`.
- # The default port for `ldap` is 389 and for `ldaps` 636.
- # For example: `ldaps://ldap.example.com:10389`.
- #
- # NOTE: You may want to consider using STARTTLS (`dbms.security.ldap.use_starttls`) instead of LDAPS
- # for secure connections, in which case the correct protocol is `ldap`.
- #dbms.security.ldap.host=localhost
- # Use secure communication with the LDAP server using opportunistic TLS.
- # First an initial insecure connection will be made with the LDAP server, and then a STARTTLS command
- # will be issued to negotiate an upgrade of the connection to TLS before initiating authentication.
- #dbms.security.ldap.use_starttls=false
- # The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`.
- # `follow` automatically follows any referrals
- # `ignore` ignores any referrals
- # `throw` throws an exception, which will lead to authentication failure
- #dbms.security.ldap.referral=follow
- # The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be
- # established within the given time the attempt is aborted.
- # A value of 0 means to use the network protocol's (i.e., TCP's) timeout value.
- #dbms.security.ldap.connection_timeout=30s
- # The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within
- # the given time the request will be aborted. A value of 0 means wait for a response indefinitely.
- #dbms.security.ldap.read_timeout=30s
- #----------------------------------
- # LDAP Authentication Configuration
- #----------------------------------
- # LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI,
- # for example `DIGEST-MD5`. `simple` is basic username
- # and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3
- # documentation for more details.
- #dbms.security.ldap.authentication.mechanism=simple
- # LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is
- # an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that
- # conforms with the LDAP directory's schema from the user principal that is submitted with the
- # authentication token when logging in.
- # The special token {0} is a placeholder where the user principal will be substituted into the DN string.
- #dbms.security.ldap.authentication.user_dn_template=uid={0},ou=users,dc=example,dc=com
- # Determines if the result of authentication via the LDAP server should be cached or not.
- # Caching is used to limit the number of LDAP requests that have to be made over the network
- # for users that have already been authenticated successfully. A user can be authenticated against
- # an existing cache entry (instead of via an LDAP server) as long as it is alive
- # (see `dbms.security.auth_cache_ttl`).
- # An important consequence of setting this to `true` is that
- # Neo4j then needs to cache a hashed version of the credentials in order to perform credentials
- # matching. This hashing is done using a cryptographic hash function together with a random salt.
- # Preferably a conscious decision should be made if this method is considered acceptable by
- # the security standards of the organization in which this Neo4j instance is deployed.
- #dbms.security.ldap.authentication.cache_enabled=true
- #----------------------------------
- # LDAP Authorization Configuration
- #----------------------------------
- # Authorization is performed by searching the directory for the groups that
- # the user is a member of, and then map those groups to Neo4j roles.
- # Perform LDAP search for authorization info using a system account instead of the user's own account.
- #
- # If this is set to `false` (default), the search for group membership will be performed
- # directly after authentication using the LDAP context bound with the user's own account.
- # The mapped roles will be cached for the duration of `dbms.security.auth_cache_ttl`,
- # and then expire, requiring re-authentication. To avoid frequently having to re-authenticate
- # sessions you may want to set a relatively long auth cache expiration time together with this option.
- # NOTE: This option will only work if the users are permitted to search for their
- # own group membership attributes in the directory.
- #
- # If this is set to `true`, the search will be performed using a special system account user
- # with read access to all the users in the directory.
- # You need to specify the username and password using the settings
- # `dbms.security.ldap.authorization.system_username` and
- # `dbms.security.ldap.authorization.system_password` with this option.
- # Note that this account only needs read access to the relevant parts of the LDAP directory
- # and does not need to have access rights to Neo4j, or any other systems.
- #dbms.security.ldap.authorization.use_system_account=false
- # An LDAP system account username to use for authorization searches when
- # `dbms.security.ldap.authorization.use_system_account` is `true`.
- # Note that the `dbms.security.ldap.authentication.user_dn_template` will not be applied to this username,
- # so you may have to specify a full DN.
- #dbms.security.ldap.authorization.system_username
- # An LDAP system account password to use for authorization searches when
- # `dbms.security.ldap.authorization.use_system_account` is `true`.
- #dbms.security.ldap.authorization.system_password
- # The name of the base object or named context to search for user objects when LDAP authorization is enabled.
- # A common case is that this matches the last part of `dbms.security.ldap.authentication.user_dn_template`.
- #dbms.security.ldap.authorization.user_search_base=ou=users,dc=example,dc=com
- # The LDAP search filter to search for a user principal when LDAP authorization is
- # enabled. The filter should contain the placeholder token {0} which will be substituted for the
- # user principal.
- #dbms.security.ldap.authorization.user_search_filter=(&(objectClass=*)(uid={0}))
- # A list of attribute names on a user object that contains groups to be used for mapping to roles
- # when LDAP authorization is enabled.
- #dbms.security.ldap.authorization.group_membership_attributes=memberOf
- # An authorization mapping from LDAP group names to Neo4j role names.
- # The map should be formatted as a semicolon separated list of key-value pairs, where the
- # key is the LDAP group name and the value is a comma separated list of corresponding role names.
- # For example: group1=role1;group2=role2;group3=role3,role4,role5
- #
- # You could also use whitespaces and quotes around group names to make this mapping more readable,
- # for example: dbms.security.ldap.authorization.group_to_role_mapping=\
- # "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \
- # "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \
- # "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \
- # "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin
- #dbms.security.ldap.authorization.group_to_role_mapping
- #*****************************************************************
- # Miscellaneous configuration
- #*****************************************************************
- # Compresses the metric archive files.
- metrics.csv.rotation.compression=zip
- # Enable this to specify a parser other than the default one.
- #cypher.default_language_version=3.5
- # Determines if Cypher will allow using file URLs when loading data using
- # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
- # clauses that load data from the file system.
- #dbms.security.allow_csv_import_from_file_urls=true
- # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS
- # connector. This defaults to '*', which allows broadest compatibility. Note
- # that any URI provided here limits HTTP/HTTPS access to that URI only.
- #dbms.security.http_access_control_allow_origin=*
- # Value of the HTTP Strict-Transport-Security (HSTS) response header. This header
- # tells browsers that a webpage should only be accessed using HTTPS instead of HTTP.
- # It is attached to every HTTPS response. Setting is not set by default so
- # 'Strict-Transport-Security' header is not sent. Value is expected to contain
- # directives like 'max-age', 'includeSubDomains' and 'preload'.
- #dbms.security.http_strict_transport_security
- # Retention policy for transaction logs needed to perform recovery and backups.
- #dbms.tx_log.rotation.retention_policy=7 days
- # Limit the number of IOs the background checkpoint process will consume per second.
- # This setting is advisory, is ignored in Neo4j Community Edition, and is followed to
- # best effort in Enterprise Edition.
- # An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in
- # this way will leave more bandwidth in the IO subsystem to service random-read IOs,
- # which is important for the response time of queries when the database cannot fit
- # entirely in memory. The only drawback of this setting is that longer checkpoint times
- # may lead to slightly longer recovery times in case of a database or system crash.
- # A lower number means lower IO pressure, and consequently longer checkpoint times.
- # The configuration can also be commented out to remove the limitation entirely, and
- # let the checkpointer flush data as fast as the hardware will go.
- # Set this to -1 to disable the IOPS limit.
- # dbms.checkpoint.iops.limit=600
- # Only allow read operations from this Neo4j instance. This mode still requires
- # write access to the directory for lock purposes.
- #dbms.read_only=false
- # Comma separated list of JAX-RS packages containing JAX-RS resources, one
- # package name for each mountpoint. The listed package names will be loaded
- # under the mountpoints specified. Uncomment this line to mount the
- # org.neo4j.examples.server.unmanaged.HelloWorldResource.java from
- # neo4j-server-examples under /examples/unmanaged, resulting in a final URL of
- # http://localhost:7474/examples/unmanaged/helloworld/{nodeId}
- #dbms.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged
- # A comma separated list of procedures and user defined functions that are allowed
- # full access to the database through unsupported/insecure internal APIs.
- dbms.security.procedures.unrestricted=jwt.security.*,apoc.*,gds.*
- # A comma separated list of procedures to be loaded by default.
- # Leaving this unconfigured will load all procedures found.
- #dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.*,gds.*
- # For how long should drivers cache the discovery data from
- # the dbms.routing.getRoutingTable() procedure. Defaults to 300s.
- #dbms.routing_ttl=300s
- #********************************************************************
- # JVM Parameters
- #********************************************************************
- # G1GC generally strikes a good balance between throughput and tail
- # latency, without too much tuning.
- dbms.jvm.additional=-XX:+UseG1GC
- # Have common exceptions keep producing stack traces, so they can be
- # debugged regardless of how often logs are rotated.
- dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow
- # Make sure that `initmemory` is not only allocated, but committed to
- # the process, before starting the database. This reduces memory
- # fragmentation, increasing the effectiveness of transparent huge
- # pages. It also reduces the possibility of seeing performance drop
- # due to heap-growing GC events, where a decrease in available page
- # cache leads to an increase in mean IO response time.
- # Try reducing the heap memory, if this flag degrades performance.
- dbms.jvm.additional=-XX:+AlwaysPreTouch
- # Trust that non-static final fields are really final.
- # This allows more optimizations and improves overall performance.
- # NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or
- # serialization to change the value of final fields!
- dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions
- dbms.jvm.additional=-XX:+TrustFinalNonStaticFields
- # Disable explicit garbage collection, which is occasionally invoked by the JDK itself.
- dbms.jvm.additional=-XX:+DisableExplicitGC
- #Increase maximum number of nested calls that can be inlined from 9 (default) to 15
- dbms.jvm.additional=-XX:MaxInlineLevel=15
- # Disable biased locking
- dbms.jvm.additional=-XX:-UseBiasedLocking
- # Allow Neo4j to use @Contended annotation
- #dbms.jvm.additional=-XX:-RestrictContended
- # Restrict size of cached JDK buffers to 256 KB
- dbms.jvm.additional=-Djdk.nio.maxCachedBufferSize=262144
- # More efficient buffer allocation in Netty by allowing direct no cleaner buffers.
- dbms.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true
- # Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors.
- # dbms.jvm.additional=-XX:+ExitOnOutOfMemoryError
- # Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes.
- # This is to protect the server from any potential passive eavesdropping.
- dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
- # This mitigates a DDoS vector.
- dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
- # Enable remote debugging
- #dbms.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005
- # This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities.
- # By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library.
- # These defaults should only be modified by expert users!
- # For more details (including filter syntax) see: https://openjdk.java.net/jeps/290
- #dbms.jvm.additional=-Djdk.serialFilter=java.**;org.neo4j.**;com.neo4j.**;com.hazelcast.**;net.sf.ehcache.Element;com.sun.proxy.*;org.openjdk.jmh.**;!*
- # Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling.
- dbms.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256
- # Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results.
- dbms.jvm.additional=-XX:+UnlockDiagnosticVMOptions
- dbms.jvm.additional=-XX:+DebugNonSafepoints
- # Disable logging JMX endpoint.
- dbms.jvm.additional=-Dlog4j2.disable.jmx=true
- #********************************************************************
- # Wrapper Windows NT/2000/XP Service Properties
- #********************************************************************
- # WARNING - Do not modify any of these properties when an application
- # using this configuration file has been installed as a service.
- # Please uninstall the service before modifying this section. The
- # service can then be reinstalled.
- # Name of the service
- dbms.windows_service_name=neo4j-relate-dbms-e9620271-c852-4ba1-8e4f-4f702370a118
- #********************************************************************
- # Other Neo4j system properties
- #********************************************************************
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement