I am not able to connect to Database through bolt in Neo4j browser when opening my domain on HTTPS. We are using Neo4j Enterprise version 4.4.4 and its deployed on AWS EC2. All the ports are opened in Security Group ( 7474, 7473, 7687, 22).
SSL has been applied through ACM and that is attached with Application Load Balancer.
Below is the error-
ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use.
Use "bolt+s://" or "neo4j+s://" for the connection
The '+s' variants of URI schemes for encrypted sessions with full certificates
Refer to the Neo4j Driver manual for more details on the connection URI.
I had the same issue after deploying to EC2 using an AWS image (not from neo4j) to install neo4j community edition.
In my case, the neo4j browser was initially using this "Connect URL": neo4j://127.0.0.1:7687, which the browser then automatically changed to bolt://127.0.0.1:7687. After that, I saw the same error message that you did.
If you experience that scenario, you need to change the 127.0.0.1 portion of the URL to the appropriate public IP address or public DNS hostname for your EC2 instance.
Related
I have a Spring boot project which I want to host on an AWS-EC2 instance. I was able to create its image using Git-hub, Jenkin and docker. I was also able to successfully pull and run this image in the Linux console of my AWS-EC2 instance.
According the tutorial I was following I should have been able to open the project now using the public IPv4 DNS but the response I got was that it refuse to connect.
I know that this usually has to do with Inbound rules so I added a rule to allow all traffic but it didn't help.
For anyone who wants to know:
Git-hub repository: https://github.com/SalahuddinShayan/telecom
Docker-Hub repository: https://hub.docker.com/repository/docker/salahuddinshayan/telecom
Command I used to run the image in AWS:
docker run -p8081:8081 --name final-app --link docker-mysql:mysql salahuddinshayan/telecom
Security Groups:
Networking Details:
Here is the Error:
I am completely stumped by it. Does anyone an idea on what to do to fix this?
Please check if your client is calling the right protocol, e.g. http vs https.
You are transmitting on port 8081. http://3.110.29.193:8081/ works fine from the EC2 side. 404 status is raised, so this is a client side error, not a server side error.
It means that no firewall is blocking traffic and a process (your app) was found that listens on IP:Port that you require. The problem is that the process it encountered (your app) is sending only a WhiteLabel Error Page, which is a generic Spring Boot error page that is displayed when no custom error page is present. So the issue is with the Spring app itself and not with EC2 or with connection. In other words: the traffic can reach your Spring app, but your Spring app has nothing to say in response.
As a side note, after deploying your app I would advise to refine the inbound traffic rules to allow only the traffic you want. There is no need of allowing all traffic on all ports.
Need to encrypt data in transit from application severs to RDS SQL server with SSL/TLS?
I see aws gives the option to make force encryption = true in parameter group with self signed certs.
Is there a way to use customer certs to import into RDS?
Any configuration steps to do this at application server and on RDS?
Appreciate any info on this . Didn't find anything in AWS knowledge base.
Note: Application servers sit behind load balancer.
For RDS SQL Server you will need to use the PEM that AWS provides for TLS.
You have a choice of either:
Root certificate
Intermediary and root certificate
The application server will need to have access to this certificate before it can connect to the RDS instance.
Unfortunately at this time only Aurora supports uploading your own certificates (and then accessing via ACM), you will need to use the provided one.
For connecting and configuring the RDS there is a specific Using SSL with a Microsoft SQL Server DB Instance page.
I am using WordPress Certified by Bitnami and Automattic, and one VM Instance running in Google Cloud Compute Engine.
I configured a free SSL certificate from Let's Encrypt for my website and also configured the Certbot Auto-Renewal script.
I tried using Cloudflare and I was receiving 5xx errors sometimes, mostly 522 timeout error. I stopped using the Cloudflare service, and I tried to configure a GCP load balancer for my VM Instance.
I created an Unmanaged Instance Group and I configured the HTTP protocol for my backend service with Cloud CDN Enabled in the load balancer, and for the Frontend, I configured an HTTP and HTTPS protocol and created a Google Managed SSL Certificate for the HTTPS protocol in my load balancer.
(The SSL certificate is ACTIVE)
I used this link to configure my load balancer in Google Cloud Platform:
https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/
The problem is that I have 2 SSL Certificates and I get 502 Server Error:
*
"Error: Server Error The server encountered a temporary error and
could not complete your request. Please try again in 30 seconds."
*
I don't know how to solve this problem.
I just want to use a very basic and common configuration for my website.
I also want to know why I received a 522 timeout error from Cloudflare and how to solve it.
I need a quick response and appreciate your answers and help in advance.
I would advise you to follow 1 to create a HTTPS Load Balancer with the backend service 2. Once you create that, you can enable CDN 3.
Regarding the errors, Make sure that your backend instance is healthy and supports HTTP/2 protocol. You can verify this by testing connectivity to the backend instance using HTTP/2.
After you verify that the VM uses the HTTP/2 protocol, make sure your firewall setup allows the health checker and load balancer to pass through.
If there are no problems with the firewall setup, ensure that the load balancer is configured to talk to the correct port on the VM. I will also suggest you to walkthrough 4 for more steps that you can take to troubleshoot this issue.
I set AWS Client VPN Endpoint, and downloaded opvn file, configured it to refer to cert/key files and connected to AWS RDS.
It used to success connecting yesterday, but today, after re-installing ESET security app
It shows the following error when I trying connecting with MySQL client app:
ERROR 2005 (HY000): Unknown MySQL server host 'myrds.something.ap-northeast-1.rds.amazonaws.com' (0)
I am not sure how to detect the cause of the error. If I configured RDS settings to pubilc, the error above not shown and just waiting for minutes...
(maybe I guess some DNS settings overriden by ESET? )
You can easily debug the problem:
AWS Client VPN Endpoint, You can see the active connection. See if you are connected to it or not.
Do you restarted or reinstall RDS also, Because it will change the URL to connect.
Is username/password of DB is changed.
If RDS is in public setting you don't even need a VPN connection.
Also as suggested above check VPN to RDS VPC Route.
Thanks,
AB
here are some troubleshooting steps.
When you connect your VPN:
Check if it's pushing the DNS server address via DHCP configuration
Check if new routes are added to your route table. you can do "route print" in the windows command line
Hope this helps.
We have a very difficult problem here, we have a Windows Server 2019 Base x64 on Amazon EC2, connected through RDP and setup-ed forest and activated AD DS , also activated DNS. But whenever we try to connect we are not allowed to.
We have opened all the relevant ports on inbound traffic rules.
We have added users.
We have tried searching internet and various tutorials.
In Server Manager=:
Added the public ipv4 address to our ipv4 settings of the adapter.
Went to the computer setting in computer domain entered the domain but no fun.
Disabled the firewall in server manager.
We want to connect our clients on different network to connect to the server hosted else-where on AWS.
We are really new into this can some one guide through this?
Please make sure there is network connectivity between your client and you DC which is set up on EC-2 Instance.
[1] In case your clients are on AWS (meaning different EC-2 Instances), and in a different network, you need to create VPC peering or use Transit Gateway, so that it has proper network connectivity.
[2] In case your clients are not on AWS, and in an On-prem Environment, you need to have a VPN connection between your client and your DC.
So in Summary, you need to have network connectivity between your client and DC so that clients can join your Domain.
What do you mean whenever we try to connect we are not allowed to?
What are you trying to connect to, the Windows EC2 instance?
Are you saying that the instance is joined to AWS Directory Service domain but you can't connect to the instance using one of the users in your AWS directory?
Edit: This should have been a comment but couldn't post comments at the time of answering.