generated from Linkurious/docker-app-template
-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose.yml
52 lines (50 loc) · 2.4 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
---
version: '3.9'
services:
neo4j:
image: neo4j:${NEO4J_VERSION:-4.4.19-enterprise}
# depends_on:
# - plugins-neo4j
restart: unless-stopped
env_file: ".env.neo4j.v4.${RUN_ENV}"
user: "${NEO4J_USER:-7474}:${NEO4J_GROUP:-7474}"
environment:
- NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
- NEO4J_dbms_allow__upgrade=true
# APOC plugin:
- NEO4J_dbms_security_procedures_unrestricted=apoc.\*
- NEO4J_apoc_export_file_enabled=true
- NEO4J_apoc_import_file_enabled=true
- NEO4J_apoc_import_file_use__neo4j__config=true
- NEO4J_apoc_trigger_enabled=true
# Communication:
- NEO4J_dbms_connector_https_advertised__address=${PREFIX}neo4j.${TRAEFIK_HOST}:443
- NEO4J_dbms_connector_bolt_advertised__address=${PREFIX}neo4jbolt.${TRAEFIK_HOST}:443
# Metrics:
- NEO4J_metrics_csv_enabled=false
- NEO4J_metrics_prometheus_enabled=true
- NEO4J_metrics_prometheus_endpoint=0.0.0.0:2004
# Log4shell mitigation
# - JAVA_TOOL_OPTIONS=-Dlog4j2.formatMsgNoLookups=true -Dlog4j2.disable.jmx=true
labels:
- "traefik.docker.network=traefik_network"
- "traefik.enable=true"
- "traefik.http.services.neo4j${PREFIX}secure.loadbalancer.server.port=7474"
- "traefik.http.routers.neo4j${PREFIX}secure.service=neo4j${PREFIX}secure"
- "traefik.http.routers.neo4j${PREFIX}secure.entrypoints=https,https_priv"
- "traefik.http.routers.neo4j${PREFIX}secure.rule=Host(`${PREFIX}neo4j.${TRAEFIK_HOST}`)"
- "traefik.http.routers.neo4j${PREFIX}secure.tls.certresolver=gandi-cr"
- "traefik.tcp.services.neo4j${PREFIX}bolt.loadbalancer.server.port=7687"
- "traefik.tcp.routers.neo4j${PREFIX}bolt.rule=HostSNI(`${PREFIX}neo4jbolt.${TRAEFIK_HOST}`)"
- "traefik.tcp.routers.neo4j${PREFIX}bolt.service=neo4j${PREFIX}bolt"
- "traefik.tcp.routers.neo4j${PREFIX}bolt.tls=true"
- "traefik.tcp.routers.neo4j${PREFIX}bolt.tls.certresolver=gandi-cr"
- "traefik.http.services.neo4j${PREFIX}metrics-secure.loadbalancer.server.port=2004"
- "traefik.http.routers.neo4j${PREFIX}metrics-secure.service=neo4j${PREFIX}metrics-secure"
- "traefik.http.routers.neo4j${PREFIX}metrics-secure.entrypoints=https_priv"
- "traefik.http.routers.neo4j${PREFIX}metrics-secure.rule=Host(`${PREFIX}m.${TRAEFIK_HOST_VPC}`)"
networks:
- traefik_network
networks:
traefik_network:
external: true