| #***************************************************************** | |
| # Neo4j configuration | |
| # | |
| # For more details and a complete list of settings, please see | |
| # https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/ | |
| #***************************************************************** | |
| # The name of the default database | |
| #initial.dbms.default_database=neo4j | |
| # Paths of directories in the installation. | |
| #server.directories.data=data | |
| #server.directories.plugins=plugins | |
| #server.directories.logs=logs | |
| #server.directories.lib=lib | |
| #server.directories.run=run | |
| #server.directories.licenses=licenses | |
| #server.directories.transaction.logs.root=data/transactions | |
| # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to | |
| # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the | |
| # `LOAD CSV` section of the manual for details. | |
| server.directories.import=import | |
| # Whether requests to Neo4j are authenticated. | |
| # To disable authentication, uncomment this line | |
| dbms.security.auth_enabled=false | |
| # Anonymous usage data reporting | |
| # To disable, uncomment this line | |
| #dbms.usage_report.enabled=false | |
| #******************************************************************** | |
| # Memory Settings | |
| #******************************************************************** | |
| # | |
| # Memory settings are specified kibibytes with the 'k' suffix, mebibytes with | |
| # 'm' and gibibytes with 'g'. | |
| # If Neo4j is running on a dedicated server, then it is generally recommended | |
| # to leave about 2-4 gigabytes for the operating system, give the JVM enough | |
| # heap to hold all your transaction state and query context, and then leave the | |
| # rest for the page cache. | |
| # Java Heap Size: by default the Java heap size is dynamically calculated based | |
| # on available system resources. Uncomment these lines to set specific initial | |
| # and maximum heap size. | |
| #server.memory.heap.initial_size=512m | |
| #server.memory.heap.max_size=512m | |
| # The amount of memory to use for mapping the store files. | |
| # The default page cache memory assumes the machine is dedicated to running | |
| # Neo4j, and is heuristically set to 50% of RAM minus the Java heap size. | |
| #server.memory.pagecache.size=10g | |
| # Limit the amount of memory that all of the running transaction can consume. | |
| # The default value is 70% of the heap size limit. | |
| #dbms.memory.transaction.total.max=256m | |
| # Limit the amount of memory that a single transaction can consume. | |
| # By default there is no limit. | |
| #db.memory.transaction.max=16m | |
| #***************************************************************** | |
| # Network connector configuration | |
| #***************************************************************** | |
| # With default configuration Neo4j only accepts local connections. | |
| # To accept non-local connections, uncomment this line: | |
| #server.default_listen_address=0.0.0.0 | |
| # You can also choose a specific network interface, and configure a non-default | |
| # port for each connector, by setting their individual listen_address. | |
| # The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or | |
| # it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for | |
| # individual connectors below. | |
| #server.default_advertised_address=localhost | |
| # You can also choose a specific advertised hostname or IP address, and | |
| # configure an advertised port for each connector, by setting their | |
| # individual advertised_address. | |
| # By default, encryption is turned off. | |
| # To turn on encryption, an ssl policy for the connector needs to be configured | |
| # Read more in SSL policy section in this file for how to define a SSL policy. | |
| # Bolt connector | |
| server.bolt.enabled=true | |
| #server.bolt.tls_level=DISABLED | |
| #server.bolt.listen_address=:7687 | |
| #server.bolt.advertised_address=:7687 | |
| # HTTP Connector. There can be zero or one HTTP connectors. | |
| server.http.enabled=true | |
| server.http.listen_address=:7860 | |
| server.http.advertised_address=:7860 | |
| # server.http.listen_address=:7474 | |
| # server.http.advertised_address=:7474 | |
| # HTTPS Connector. There can be zero or one HTTPS connectors. | |
| server.https.enabled=false | |
| #server.https.listen_address=:7473 | |
| #server.https.advertised_address=:7473 | |
| # Number of Neo4j worker threads. | |
| #server.threads.worker_count= | |
| #***************************************************************** | |
| # SSL policy configuration | |
| #***************************************************************** | |
| # Each policy is configured under a separate namespace, e.g. | |
| # dbms.ssl.policy.<scope>.* | |
| # <scope> can be any of 'bolt', 'https', 'cluster' or 'backup' | |
| # | |
| # The scope is the name of the component where the policy will be used | |
| # Each component where the use of an ssl policy is desired needs to declare at least one setting of the policy. | |
| # Allowable values are 'bolt', 'https', 'cluster' or 'backup'. | |
| # E.g if bolt and https connectors should use the same policy, the following could be declared | |
| # dbms.ssl.policy.bolt.base_directory=certificates/default | |
| # dbms.ssl.policy.https.base_directory=certificates/default | |
| # However, it's strongly encouraged to not use the same key pair for multiple scopes. | |
| # | |
| # N.B: Note that a connector must be configured to support/require | |
| # SSL/TLS for the policy to actually be utilized. | |
| # | |
| # see: dbms.connector.*.tls_level | |
| # SSL settings (dbms.ssl.policy.<scope>.*) | |
| # .base_directory Base directory for SSL policies paths. All relative paths within the | |
| # SSL configuration will be resolved from the base dir. | |
| # | |
| # .private_key A path to the key file relative to the '.base_directory'. | |
| # | |
| # .private_key_password The password for the private key. | |
| # | |
| # .public_certificate A path to the public certificate file relative to the '.base_directory'. | |
| # | |
| # .trusted_dir A path to a directory containing trusted certificates. | |
| # | |
| # .revoked_dir Path to the directory with Certificate Revocation Lists (CRLs). | |
| # | |
| # .verify_hostname If true, the server will verify the hostname that the client uses to connect with. In order | |
| # for this to work, the server public certificate must have a valid CN and/or matching | |
| # Subject Alternative Names. | |
| # | |
| # .client_auth How the client should be authorized. Possible values are: 'none', 'optional', 'require'. | |
| # | |
| # .tls_versions A comma-separated list of allowed TLS versions. By default only TLSv1.2 and TLSv1.3 are allowed. | |
| # | |
| # .trust_all Setting this to 'true' will ignore the trust truststore, trusting all clients and servers. | |
| # Use of this mode is discouraged. It would offer encryption but no security. | |
| # | |
| # .ciphers A comma-separated list of allowed ciphers. The default ciphers are the defaults of | |
| # the JVM platform. | |
| # Bolt SSL configuration | |
| #dbms.ssl.policy.bolt.enabled=true | |
| #dbms.ssl.policy.bolt.base_directory=certificates/bolt | |
| #dbms.ssl.policy.bolt.private_key=private.key | |
| #dbms.ssl.policy.bolt.public_certificate=public.crt | |
| #dbms.ssl.policy.bolt.client_auth=NONE | |
| # Https SSL configuration | |
| #dbms.ssl.policy.https.enabled=true | |
| #dbms.ssl.policy.https.base_directory=certificates/https | |
| #dbms.ssl.policy.https.private_key=private.key | |
| #dbms.ssl.policy.https.public_certificate=public.crt | |
| #dbms.ssl.policy.https.client_auth=NONE | |
| # Cluster SSL configuration | |
| #dbms.ssl.policy.cluster.enabled=true | |
| #dbms.ssl.policy.cluster.base_directory=certificates/cluster | |
| #dbms.ssl.policy.cluster.private_key=private.key | |
| #dbms.ssl.policy.cluster.public_certificate=public.crt | |
| # Backup SSL configuration | |
| #dbms.ssl.policy.backup.enabled=true | |
| #dbms.ssl.policy.backup.base_directory=certificates/backup | |
| #dbms.ssl.policy.backup.private_key=private.key | |
| #dbms.ssl.policy.backup.public_certificate=public.crt | |
| #***************************************************************** | |
| # Logging configuration | |
| #***************************************************************** | |
| # To enable HTTP logging, uncomment this line | |
| #dbms.logs.http.enabled=true | |
| # To enable GC Logging, uncomment this line | |
| #server.logs.gc.enabled=true | |
| # GC Logging Options | |
| # see https://docs.oracle.com/en/java/javase/11/tools/java.html#GUID-BE93ABDC-999C-4CB5-A88B-1994AAAC74D5 | |
| #server.logs.gc.options=-Xlog:gc*,safepoint,age*=trace | |
| # Number of GC logs to keep. | |
| #server.logs.gc.rotation.keep_number=5 | |
| # Size of each GC log that is kept. | |
| #server.logs.gc.rotation.size=20m | |
| #***************************************************************** | |
| # Miscellaneous configuration | |
| #***************************************************************** | |
| # Determines if Cypher will allow using file URLs when loading data using | |
| # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` | |
| # clauses that load data from the file system. | |
| #dbms.security.allow_csv_import_from_file_urls=true | |
| # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS | |
| # connector. This defaults to '*', which allows broadest compatibility. Note | |
| # that any URI provided here limits HTTP/HTTPS access to that URI only. | |
| #dbms.security.http_access_control_allow_origin=* | |
| # Value of the HTTP Strict-Transport-Security (HSTS) response header. This header | |
| # tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. | |
| # It is attached to every HTTPS response. Setting is not set by default so | |
| # 'Strict-Transport-Security' header is not sent. Value is expected to contain | |
| # directives like 'max-age', 'includeSubDomains' and 'preload'. | |
| #dbms.security.http_strict_transport_security= | |
| # Retention policy for transaction logs needed to perform recovery and backups. | |
| db.tx_log.rotation.retention_policy=2 days 2G | |
| # Whether or not any database on this instance are read_only by default. | |
| # If false, individual databases may be marked as read_only using dbms.database.read_only. | |
| # If true, individual databases may be marked as writable using dbms.databases.writable. | |
| #dbms.databases.default_to_read_only=false | |
| # Comma separated list of JAX-RS packages containing JAX-RS resources, one | |
| # package name for each mountpoint. The listed package names will be loaded | |
| # under the mountpoints specified. Uncomment this line to mount the | |
| # org.neo4j.examples.server.unmanaged.HelloWorldResource.java from | |
| # neo4j-server-examples under /examples/unmanaged, resulting in a final URL of | |
| # http://localhost:7474/examples/unmanaged/helloworld/{nodeId} | |
| #server.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged | |
| # A comma separated list of procedures and user defined functions that are allowed | |
| # full access to the database through unsupported/insecure internal APIs. | |
| #dbms.security.procedures.unrestricted=my.extensions.example,my.procedures.* | |
| # A comma separated list of procedures to be loaded by default. | |
| # Leaving this unconfigured will load all procedures found. | |
| #dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.*,gds.* | |
| #******************************************************************** | |
| # JVM Parameters | |
| #******************************************************************** | |
| # G1GC generally strikes a good balance between throughput and tail | |
| # latency, without too much tuning. | |
| server.jvm.additional=-XX:+UseG1GC | |
| # Have common exceptions keep producing stack traces, so they can be | |
| # debugged regardless of how often logs are rotated. | |
| server.jvm.additional=-XX:-OmitStackTraceInFastThrow | |
| # Make sure that `initmemory` is not only allocated, but committed to | |
| # the process, before starting the database. This reduces memory | |
| # fragmentation, increasing the effectiveness of transparent huge | |
| # pages. It also reduces the possibility of seeing performance drop | |
| # due to heap-growing GC events, where a decrease in available page | |
| # cache leads to an increase in mean IO response time. | |
| # Try reducing the heap memory, if this flag degrades performance. | |
| server.jvm.additional=-XX:+AlwaysPreTouch | |
| # Trust that non-static final fields are really final. | |
| # This allows more optimizations and improves overall performance. | |
| # NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or | |
| # serialization to change the value of final fields! | |
| server.jvm.additional=-XX:+UnlockExperimentalVMOptions | |
| server.jvm.additional=-XX:+TrustFinalNonStaticFields | |
| # Disable explicit garbage collection, which is occasionally invoked by the JDK itself. | |
| server.jvm.additional=-XX:+DisableExplicitGC | |
| # Restrict size of cached JDK buffers to 1 KB | |
| server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024 | |
| # More efficient buffer allocation in Netty by allowing direct no cleaner buffers. | |
| server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true | |
| # Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors. | |
| # server.jvm.additional=-XX:+ExitOnOutOfMemoryError | |
| # Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes. | |
| # This is to protect the server from any potential passive eavesdropping. | |
| server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 | |
| # This mitigates a DDoS vector. | |
| server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true | |
| # Enable remote debugging | |
| #server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 | |
| # This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities. | |
| # By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library. | |
| # These defaults should only be modified by expert users! | |
| # For more details (including filter syntax) see: https://openjdk.java.net/jeps/290 | |
| #server.jvm.additional=-Djdk.serialFilter=java.**;org.neo4j.**;com.neo4j.**;com.hazelcast.**;net.sf.ehcache.Element;com.sun.proxy.*;org.openjdk.jmh.**;!* | |
| # Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling. | |
| server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256 | |
| # Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results. | |
| server.jvm.additional=-XX:+UnlockDiagnosticVMOptions | |
| server.jvm.additional=-XX:+DebugNonSafepoints | |
| # Open modules for neo4j to allow internal access | |
| server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED | |
| server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED | |
| server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED | |
| # Enable native memory access | |
| server.jvm.additional=--enable-native-access=ALL-UNNAMED | |
| # Enable access to JDK vector API | |
| # server.jvm.additional=--add-modules=jdk.incubator.vector | |
| # Disable logging JMX endpoint. | |
| server.jvm.additional=-Dlog4j2.disable.jmx=true | |
| # Increasing the JSON log string maximum length | |
| server.jvm.additional=-Dlog4j.layout.jsonTemplate.maxStringLength=32768 | |
| # Limit JVM metaspace and code cache to allow garbage collection. Used by cypher for code generation and may grow indefinitely unless constrained. | |
| # Useful for memory constrained environments | |
| #server.jvm.additional=-XX:MaxMetaspaceSize=1024m | |
| #server.jvm.additional=-XX:ReservedCodeCacheSize=512m | |
| # Allow big methods to be JIT compiled. | |
| # Useful for big queries and big expressions where cypher code generation can create large methods. | |
| #server.jvm.additional=-XX:-DontCompileHugeMethods | |
| #******************************************************************** | |
| # Wrapper Windows NT/2000/XP Service Properties | |
| #******************************************************************** | |
| # WARNING - Do not modify any of these properties when an application | |
| # using this configuration file has been installed as a service. | |
| # Please uninstall the service before modifying this section. The | |
| # service can then be reinstalled. | |
| # Name of the service | |
| server.windows_service_name=neo4j | |
| #******************************************************************** | |
| # Other Neo4j system properties | |
| #******************************************************************** | |