Can't connect to DB using `latest` image: SessionExpired: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver
Closed this issue Β· 12 comments
Environment
- Windows 10
- Docker Desktop (version 2.2.0.4 Engine 19.3.8 Compose 1.24.4)
- Browser: Brave
Steps to reproduce
- Get latest image:
docker pull neo4j - Run:
docker run \
--publish=7474:7474 --publish=7687:7687 \
--volume=$HOME/neo4j/data:/data \
--env=NEO4J_AUTH=none \
--env SECURE_FILE_PERMISSIONS=yes \
--name my_neo4j \
neo4j
- Connect to browser at localhost:7474
- Regardless of which connection method I use ("no authentication" or user/pass) I get the same error message:
SessionExpired: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver
I tried following a much earlier report to uncomment a line in the conf file, but cannot get VI to work inside the container shell.
What am I missing?
@TravelingTechGuy The docker run command you provided should work without needing to modify the conf (assuming the database in $HOME/neo4j/data isn't broken somehow).
I have a feeling that error could be caused by a browser setting.
Could you start a neo4j container without mounting anything:
docker run \
--publish=7474:7474 --publish=7687:7687 \
--env=NEO4J_AUTH=none \
neo4j
Then see if cypher-shell can connect to it:
docker run --network host neo4j cypher-shell "CALL dbms.procedures;"
That should test whether the error is coming from the system browser.
That seems to work @jennyowen!
But I've used this browser with previous images, and would like yo use it with Neo4J 4. What do I need to do in order to get the browser to work with this image?
Can now report getting the same error in FireFox and Edge (classic, not Chromium based).
Turning off Windows firewall does not help.
Full error message (since the one of the screen is truncated):
SessionExpired: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket `readyState` is: 3
Edge conole:
SCRIPT12029: SCRIPT12029: WebSocket Error: Network Error 12029, A connection with the server could not be established
FF console:
Firefox canβt establish a connection to the server at ws://0.0.0.0:7687/. neo4j-driver.chunkhash.bundle.js:1:2423
Source map error: Error: request failed with status 404
Resource URL: http://localhost:7474/browser/
Source Map URL: ../sourcemaps/inpage.js.map
Brave (Chromium) console:
WebSocket connection to 'ws://0.0.0.0:7687/' failed: Error in connection establishment: net::ERR_ADDRESS_INVALID
r @ neo4j-driver.chunkhash.bundle.js:1
Followed instructions in this help article. Could not find the value dbms.connector.bolt.address in neo4j.conf, but found dbms.connector.bolt.listen_address instead.
Used VI to uncomment the line and change it to: dbms.connector.bolt.listen_address=0.0.0.0:7687.
Restarted the container a couple of times - still same web socket error. Clearly not the solution π.
@TravelingTechGuy I showed your issue to our browser and drivers teams and they think it's caused by the address 0.0.0.0 being automatically resolved to localhost in Unix, but not Windows.
It's these specific docker overrides that are probably causing the problem:
https://github.com/neo4j/docker-neo4j-publish/blob/56d28624bc264497ed7fae8253a52a92611c6fee/4.0.2/community/docker-entrypoint.sh#L408-L415
Could you please confirm this on your machine? This is how:
- get a copy of neo4j.conf:
docker run -it --rm \
--publish=7474:7474 --publish=7687:7687 \
--env=NEO4J_AUTH=none \
--volume=$HOME/neo4j/conf:/conf \
--user="$(id -u):$(id -g)" \
neo4j dump-config
- edit the neo4j.conf file. At the bottom of the file will be a few overrides for
dbms.connector.https.advertised_address,dbms.connector.http.advertised_addressanddbms.connector.bolt.advertised_address. Delete those. - Start neo4j again and pass it the new configuration file:
docker run -it --rm \
--publish=7474:7474 --publish=7687:7687 \
--env=NEO4J_AUTH=none \
--volume=$HOME/neo4j/conf:/conf \
--user="$(id -u):$(id -g)" \
neo4j
- Can you connect to Neo4j in your browser?
@jennyowen It doesn't seem to work. Even though I removed the lines from the conf file, they get recreated somehow when I run the container again?
I've bashed into the running container and verified the 3 deleted lines are back again. Running the container with the mapped volume didn't seem to work - it seems like it reads the conf file from somewhere else.
To clarify:
I ran the first command, got the conf file, deleted the 3 lines, ran the container with the 2nd command, couldn't connect, bashed into container - the 3 lines are back in conf/neo4j.conf, exited and verified that the 3 lines are still deleted in my local version.
I think something replaces the conf file inside the container, or adds these 3 lines if it cannot find them.
Argh so sorry, that's my mistake. I forgot that the entrypoint will just re-add the unset parameters.
The configuration priority FYI is default neo4j settings < docker default overrides < configuration file settings < environment overrides.
So! If we set the advertised addresses via environment then it should all work. No config file required.
- Could you try running this:
docker run -it --rm \
--publish=7474:7474 --publish=7687:7687 \
-e NEO4J_dbms_connector_https_advertised__address="localhost:7473" \
-e NEO4J_dbms_connector_http_advertised__address="localhost:7474" \
-e NEO4J_dbms_connector_bolt_advertised__address="localhost:7687" \
--env=NEO4J_AUTH=none \
neo4j
Does that allow you to connect with the browser?
- Can you connect with the browser if you start neo4j like this?
docker run -it --rm \
--publish=7474:7474 --publish=7687:7687 \
-e NEO4J_dbms_connector_https_advertised__address=":7473" \
-e NEO4J_dbms_connector_http_advertised__address=":7474" \
-e NEO4J_dbms_connector_bolt_advertised__address=":7687" \
--env=NEO4J_AUTH=none \
neo4j
I'm getting a fix ready #241 but it still needs more windows testing.
I tried both - and they both work! I can now connect to the browser, and run the demo code.
Will look forward to the fix, but in the meantime, I got the image working! Thanks!
@TravelingTechGuy that's great! Thanks for letting me know. I don't think the fix will make it into 4.0.3 unfortunately but maybe 4.0.4.
Neo4j 4.0.4 has finally been released! It should fix your problem and I'm going to close the issue now. Thanks for your patience!
@jennyowen just pulled latest image (4.0.4), ran it, and logged in without issues!
Thanks for solving this issue, and I learned a lot about the image, the DB, and the way defaults are respected along the way. I consider this a well-worth-it journey!
Using docker-compose on a publicly-available VPS, and I'm happy to say that this works:
ports:
- "${NEO4J_HTTP_PORT}:7474"
- "${NEO4J_HTTPS_PORT}:7473"
- "${NEO4J_BOLT_PORT}:7687"
environment:
- NEO4J_dbms_connector_https_advertised__address=${EXTERNAL_IP}:${NEO4J_HTTPS_PORT}
- NEO4J_dbms_connector_http_advertised__address=${EXTERNAL_IP}:${NEO4J_HTTP_PORT}
- NEO4J_dbms_connector_bolt_advertised__address=${EXTERNAL_IP}:${NEO4J_BOLT_PORT}
(For those who don't know: ${VARNAME} are variables in an .env file)
I'm able to view the browser and connect to it (without hacks π) over the alternate port number defined by NEO4J_HTTP_PORT. πππ