Create neo4j 4.0 deployment (run it in aws ec2 ubuntu)
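#!/usr/bin/env bash
# Installs Neo4j 4.0 from the vendor's Debian repository, drops the APOC
# plugin into the plugin directory and makes the server listen on all
# interfaces.

# Everything below writes to root-owned locations (apt, /var/lib/neo4j,
# /etc/neo4j). The original used sudo on only the first two commands, so a
# non-root run failed half-way through; refuse to start instead.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root (e.g. sudo $0)" >&2
  exit 1
fi

#######################################
# Append one setting to neo4j.conf unless that exact line is already there,
# so re-running the script does not pile up duplicate entries.
# Arguments: $1 - complete "key=value" line
#######################################
append_neo4j_conf() {
  local line=$1
  local conf=/etc/neo4j/neo4j.conf
  grep -qxF -- "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
}

# Repository signing key and source list (both fetched/served over HTTPS).
wget -O - https://debian.neo4j.com/neotechnology.gpg.key | apt-key add -
echo 'deb https://debian.neo4j.com stable 4.0' > /etc/apt/sources.list.d/neo4j.list
apt-get update
apt-get -y install neo4j

cd /var/lib/neo4j/plugins || exit
wget https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/4.0.0.2/apoc-4.0.0.2-all.jar
# The jar is loaded into the database JVM, so pin it to a digest obtained from
# a trusted source before the restart below, e.g.:
#   echo '<EXPECTED_SHA256>  apoc-4.0.0.2-all.jar' | sha256sum -c - || exit 1

# apoc.* gives every APOC procedure full (unsandboxed) access to the database
# internals; narrow the pattern to the procedures actually needed if possible.
append_neo4j_conf 'dbms.security.procedures.unrestricted=apoc.*'
# 0.0.0.0 binds the connectors to every interface. Reachability then depends
# entirely on the EC2 security group, and the initial neo4j password should be
# changed before the ports are opened.
append_neo4j_conf 'dbms.default_listen_address=0.0.0.0'
service neo4j restart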
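# RESTART ON REBOOT PART
# Installs a small SysV wrapper (/etc/init.d/neo4j_ctl) and links it into the
# runlevel directories so Neo4j is started on boot and stopped on halt.
cp /usr/bin/neo4j /etc/init.d/neo4j
# Quoted heredoc delimiter: $1, $0 and $OWNER must reach the generated file
# literally and be expanded only when the wrapper itself runs.
cat > /etc/init.d/neo4j_ctl <<'NEO4J_CTL'
#!/bin/sh
OWNER=root #Set to the owner of the Neo4j installation
case "$1" in
  "start")
    su - "$OWNER" -c "service neo4j start"
    ;;
  "stop")
    su - "$OWNER" -c "service neo4j stop"
    ;;
  "restart")
    su - "$OWNER" -c "service neo4j restart"
    ;;
  *)
    echo "Usage: $0 { start | stop | restart }"
    exit 1
    ;;
esac
exit 0
NEO4J_CTL
# Owner may run and edit it; group/others read only.
chmod 744 /etc/init.d/neo4j_ctl
# Runlevel auto-detection kept from the original for reference (disabled):
# export RUNLEVEL_STR="$(/sbin/runlevel)"
# export RUNLEVEL="${RUNLEVEL//[!0-9]/}"
# ln -s /etc/init.d/neo4j_ctl "/etc/rc${RUNLEVEL}.d/S40neo4j_ctl"
# -f/-n replace a link left by an earlier run instead of failing on it.
ln -sfn /etc/init.d/neo4j_ctl /etc/rc3.d/S40neo4j_ctl
ln -sfn /etc/init.d/neo4j_ctl /etc/rc5.d/S40neo4j_ctl
ln -sfn /etc/init.d/neo4j_ctl /etc/rc0.d/K30neo4j_ctl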
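# SSL PART
# Installs certbot and writes /home/ubuntu/ssl-neo4j.sh, a helper that wires an
# already-issued Let's Encrypt certificate into Neo4j's HTTPS and Bolt policies.
apt-get update
# -y on both commands: without it they stop and wait for confirmation, which
# hangs an unattended run.
apt-get install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get install -y certbot
# Quoted delimiter: the helper is written out verbatim, nothing expands here.
cat > /home/ubuntu/ssl-neo4j.sh <<'SSL_NEO4J'
#!/usr/bin/env bash
# run "sudo certbot certonly" to obtain ssl certificates, afterwards run /home/ubuntu/ssl-neo4j.sh
# The domain can be given as the first argument or through MY_DOMAIN; the
# built-in default is a sample value and has to be replaced.
MY_DOMAIN=${1:-${MY_DOMAIN:-graph.somehost.com}}
export MY_DOMAIN

# Stop before touching Neo4j's current certificates if certbot has not issued
# anything for this domain yet; otherwise the links below would dangle.
if ! sudo test -d "/etc/letsencrypt/live/$MY_DOMAIN"; then
  echo "No certificate found in /etc/letsencrypt/live/$MY_DOMAIN" >&2
  exit 1
fi

# Give the neo4j group read access to the certificate material only. live/
# holds symlinks into archive/, so both trees are needed; the rest of
# /etc/letsencrypt (e.g. the ACME account keys) stays root-only. g+rX adds
# search permission on directories without marking key files executable.
sudo chgrp -R neo4j /etc/letsencrypt/live /etc/letsencrypt/archive
sudo chmod -R g+rX /etc/letsencrypt/live /etc/letsencrypt/archive

# Abort if the directory is missing, or the mv/ln calls below would run in
# whatever directory the script was started from.
cd /var/lib/neo4j/certificates || exit 1
sudo mkdir -p revoked trusted bak/trusted bak/revoked
# Move any existing certificates aside (mv complains harmlessly if none exist).
sudo mv neo4j.* bak
sudo mv trusted/neo4j.* bak/trusted
sudo mv revoked/neo4j.* bak/revoked
sudo ln -s "/etc/letsencrypt/live/$MY_DOMAIN/fullchain.pem" neo4j.cert
sudo ln -s "/etc/letsencrypt/live/$MY_DOMAIN/privkey.pem" neo4j.key
sudo ln -s "/etc/letsencrypt/live/$MY_DOMAIN/fullchain.pem" trusted/neo4j.cert

# neo4j.conf is root-owned; a plain ">>" redirect is performed by the calling
# (non-root) shell and is denied, so append through "sudo tee -a".
# NOTE(review): in Neo4j 4.x encryption on Bolt is presumably switched on by
# dbms.connector.bolt.tls_level (OPTIONAL/REQUIRED) and the plain HTTP
# connector stays enabled unless dbms.connector.http.enabled=false is set;
# confirm both against the 4.0 operations manual.
sudo tee -a /etc/neo4j/neo4j.conf >/dev/null <<NEO4J_CONF

dbms.connector.https.enabled=true
# need something else to do to make bolt tls work too
bolt.ssl_policy=default
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=/var/lib/neo4j/certificates
dbms.ssl.policy.bolt.allow_key_generation=false
dbms.ssl.policy.bolt.private_key=/var/lib/neo4j/certificates/neo4j.key
dbms.ssl.policy.bolt.public_certificate=/var/lib/neo4j/certificates/neo4j.cert
dbms.ssl.policy.bolt.revoked_dir=/var/lib/neo4j/certificates/revoked
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=/var/lib/neo4j/certificates
dbms.ssl.policy.https.allow_key_generation=false
dbms.ssl.policy.https.private_key=/var/lib/neo4j/certificates/neo4j.key
dbms.ssl.policy.https.public_certificate=/var/lib/neo4j/certificates/neo4j.cert
dbms.ssl.policy.https.revoked_dir=/var/lib/neo4j/certificates/revoked
dbms.ssl.policy.https.client_auth=NONE
dbms.connectors.default_advertised_address=$MY_DOMAIN

NEO4J_CONF
sudo service neo4j restart
SSL_NEO4J
chmod +x /home/ubuntu/ssl-neo4j.sh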