-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add neo4j service feat: add neo4j service feat: add neo4j service feat: add neo4j service
- Loading branch information
Showing
2 changed files
with
351 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,344 @@ | ||
| #***************************************************************** | ||
| # Neo4j configuration | ||
| # | ||
| # For more details and a complete list of settings, please see | ||
| # https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/ | ||
| #***************************************************************** | ||
|
|
||
| # The name of the default database | ||
| #initial.dbms.default_database=neo4j | ||
|
|
||
| # Paths of directories in the installation. | ||
| server.directories.data=neo4j/data | ||
| server.directories.plugins=neo4j/plugins | ||
| server.directories.logs=neo4j/logs | ||
| server.directories.lib=neo4j/lib | ||
| server.directories.run=neo4j/run | ||
| server.directories.licenses=neo4j/licenses | ||
| server.directories.transaction.logs.root=neo4j/data/transactions | ||
|
|
||
| # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to | ||
| # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the | ||
| # `LOAD CSV` section of the manual for details. | ||
| server.directories.import=import | ||
|
|
||
| # Whether requests to Neo4j are authenticated. | ||
| # To disable authentication, uncomment this line | ||
| #dbms.security.auth_enabled=false | ||
|
|
||
| # Anonymous usage data reporting | ||
| # To disable, uncomment this line | ||
| #dbms.usage_report.enabled=false | ||
|
|
||
| #******************************************************************** | ||
| # Memory Settings | ||
| #******************************************************************** | ||
| # | ||
| # Memory settings are specified kibibytes with the 'k' suffix, mebibytes with | ||
| # 'm' and gibibytes with 'g'. | ||
| # If Neo4j is running on a dedicated server, then it is generally recommended | ||
| # to leave about 2-4 gigabytes for the operating system, give the JVM enough | ||
| # heap to hold all your transaction state and query context, and then leave the | ||
| # rest for the page cache. | ||
|
|
||
| # Java Heap Size: by default the Java heap size is dynamically calculated based | ||
| # on available system resources. Uncomment these lines to set specific initial | ||
| # and maximum heap size. | ||
| #server.memory.heap.initial_size=512m | ||
| #server.memory.heap.max_size=512m | ||
|
|
||
| # The amount of memory to use for mapping the store files. | ||
| # The default page cache memory assumes the machine is dedicated to running | ||
| # Neo4j, and is heuristically set to 50% of RAM minus the Java heap size. | ||
| #server.memory.pagecache.size=10g | ||
|
|
||
| # Limit the amount of memory that all of the running transaction can consume. | ||
| # The default value is 70% of the heap size limit. | ||
| #dbms.memory.transaction.total.max=256m | ||
|
|
||
| # Limit the amount of memory that a single transaction can consume. | ||
| # By default there is no limit. | ||
| #db.memory.transaction.max=16m | ||
|
|
||
| #***************************************************************** | ||
| # Network connector configuration | ||
| #***************************************************************** | ||
|
|
||
| # With default configuration Neo4j only accepts local connections. | ||
| # To accept non-local connections, uncomment this line: | ||
| #server.default_listen_address=0.0.0.0 | ||
|
|
||
| # You can also choose a specific network interface, and configure a non-default | ||
| # port for each connector, by setting their individual listen_address. | ||
|
|
||
| # The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or | ||
| # it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for | ||
| # individual connectors below. | ||
| #server.default_advertised_address=localhost | ||
|
|
||
| # You can also choose a specific advertised hostname or IP address, and | ||
| # configure an advertised port for each connector, by setting their | ||
| # individual advertised_address. | ||
|
|
||
| # By default, encryption is turned off. | ||
| # To turn on encryption, an ssl policy for the connector needs to be configured | ||
| # Read more in SSL policy section in this file for how to define a SSL policy. | ||
|
|
||
| # Bolt connector | ||
| server.bolt.enabled=true | ||
| #server.bolt.tls_level=DISABLED | ||
| #server.bolt.listen_address=:7687 | ||
| #server.bolt.advertised_address=:7687 | ||
|
|
||
| # HTTP Connector. There can be zero or one HTTP connectors. | ||
| server.http.enabled=true | ||
| #server.http.listen_address=:7474 | ||
| #server.http.advertised_address=:7474 | ||
|
|
||
| # HTTPS Connector. There can be zero or one HTTPS connectors. | ||
| server.https.enabled=false | ||
| #server.https.listen_address=:7473 | ||
| #server.https.advertised_address=:7473 | ||
|
|
||
| # Number of Neo4j worker threads. | ||
| #server.threads.worker_count= | ||
|
|
||
| #***************************************************************** | ||
| # SSL policy configuration | ||
| #***************************************************************** | ||
|
|
||
| # Each policy is configured under a separate namespace, e.g. | ||
| # dbms.ssl.policy.<scope>.* | ||
| # <scope> can be any of 'bolt', 'https', 'cluster' or 'backup' | ||
| # | ||
| # The scope is the name of the component where the policy will be used | ||
| # Each component where the use of an ssl policy is desired needs to declare at least one setting of the policy. | ||
| # Allowable values are 'bolt', 'https', 'cluster' or 'backup'. | ||
|
|
||
| # E.g if bolt and https connectors should use the same policy, the following could be declared | ||
| # dbms.ssl.policy.bolt.base_directory=certificates/default | ||
| # dbms.ssl.policy.https.base_directory=certificates/default | ||
| # However, it's strongly encouraged to not use the same key pair for multiple scopes. | ||
| # | ||
| # N.B: Note that a connector must be configured to support/require | ||
| # SSL/TLS for the policy to actually be utilized. | ||
| # | ||
| # see: dbms.connector.*.tls_level | ||
|
|
||
| # SSL settings (dbms.ssl.policy.<scope>.*) | ||
| # .base_directory Base directory for SSL policies paths. All relative paths within the | ||
| # SSL configuration will be resolved from the base dir. | ||
| # | ||
| # .private_key A path to the key file relative to the '.base_directory'. | ||
| # | ||
| # .private_key_password The password for the private key. | ||
| # | ||
| # .public_certificate A path to the public certificate file relative to the '.base_directory'. | ||
| # | ||
| # .trusted_dir A path to a directory containing trusted certificates. | ||
| # | ||
| # .revoked_dir Path to the directory with Certificate Revocation Lists (CRLs). | ||
| # | ||
| # .verify_hostname If true, the server will verify the hostname that the client uses to connect with. In order | ||
| # for this to work, the server public certificate must have a valid CN and/or matching | ||
| # Subject Alternative Names. | ||
| # | ||
| # .client_auth How the client should be authorized. Possible values are: 'none', 'optional', 'require'. | ||
| # | ||
| # .tls_versions A comma-separated list of allowed TLS versions. By default only TLSv1.2 is allowed. | ||
| # | ||
| # .trust_all Setting this to 'true' will ignore the trust truststore, trusting all clients and servers. | ||
| # Use of this mode is discouraged. It would offer encryption but no security. | ||
| # | ||
| # .ciphers A comma-separated list of allowed ciphers. The default ciphers are the defaults of | ||
| # the JVM platform. | ||
|
|
||
| # Bolt SSL configuration | ||
| #dbms.ssl.policy.bolt.enabled=true | ||
| #dbms.ssl.policy.bolt.base_directory=certificates/bolt | ||
| #dbms.ssl.policy.bolt.private_key=private.key | ||
| #dbms.ssl.policy.bolt.public_certificate=public.crt | ||
| #dbms.ssl.policy.bolt.client_auth=NONE | ||
|
|
||
| # Https SSL configuration | ||
| #dbms.ssl.policy.https.enabled=true | ||
| #dbms.ssl.policy.https.base_directory=certificates/https | ||
| #dbms.ssl.policy.https.private_key=private.key | ||
| #dbms.ssl.policy.https.public_certificate=public.crt | ||
| #dbms.ssl.policy.https.client_auth=NONE | ||
|
|
||
| # Cluster SSL configuration | ||
| #dbms.ssl.policy.cluster.enabled=true | ||
| #dbms.ssl.policy.cluster.base_directory=certificates/cluster | ||
| #dbms.ssl.policy.cluster.private_key=private.key | ||
| #dbms.ssl.policy.cluster.public_certificate=public.crt | ||
|
|
||
| # Backup SSL configuration | ||
| #dbms.ssl.policy.backup.enabled=true | ||
| #dbms.ssl.policy.backup.base_directory=certificates/backup | ||
| #dbms.ssl.policy.backup.private_key=private.key | ||
| #dbms.ssl.policy.backup.public_certificate=public.crt | ||
|
|
||
| #***************************************************************** | ||
| # Logging configuration | ||
| #***************************************************************** | ||
|
|
||
| # To enable HTTP logging, uncomment this line | ||
| #dbms.logs.http.enabled=true | ||
|
|
||
| # To enable GC Logging, uncomment this line | ||
| #server.logs.gc.enabled=true | ||
|
|
||
| # GC Logging Options | ||
| # see https://docs.oracle.com/en/java/javase/11/tools/java.html#GUID-BE93ABDC-999C-4CB5-A88B-1994AAAC74D5 | ||
| #server.logs.gc.options=-Xlog:gc*,safepoint,age*=trace | ||
|
|
||
| # Number of GC logs to keep. | ||
| #server.logs.gc.rotation.keep_number=5 | ||
|
|
||
| # Size of each GC log that is kept. | ||
| #server.logs.gc.rotation.size=20m | ||
|
|
||
| #***************************************************************** | ||
| # Miscellaneous configuration | ||
| #***************************************************************** | ||
|
|
||
| # Determines if Cypher will allow using file URLs when loading data using | ||
| # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` | ||
| # clauses that load data from the file system. | ||
| #dbms.security.allow_csv_import_from_file_urls=true | ||
|
|
||
|
|
||
| # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS | ||
| # connector. This defaults to '*', which allows broadest compatibility. Note | ||
| # that any URI provided here limits HTTP/HTTPS access to that URI only. | ||
| #dbms.security.http_access_control_allow_origin=* | ||
|
|
||
| # Value of the HTTP Strict-Transport-Security (HSTS) response header. This header | ||
| # tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. | ||
| # It is attached to every HTTPS response. Setting is not set by default so | ||
| # 'Strict-Transport-Security' header is not sent. Value is expected to contain | ||
| # directives like 'max-age', 'includeSubDomains' and 'preload'. | ||
| #dbms.security.http_strict_transport_security= | ||
|
|
||
| # Retention policy for transaction logs needed to perform recovery and backups. | ||
| db.tx_log.rotation.retention_policy=2 days 2G | ||
|
|
||
| # Whether or not any database on this instance are read_only by default. | ||
| # If false, individual databases may be marked as read_only using dbms.database.read_only. | ||
| # If true, individual databases may be marked as writable using dbms.databases.writable. | ||
| #dbms.databases.default_to_read_only=false | ||
|
|
||
| # Comma separated list of JAX-RS packages containing JAX-RS resources, one | ||
| # package name for each mountpoint. The listed package names will be loaded | ||
| # under the mountpoints specified. Uncomment this line to mount the | ||
| # org.neo4j.examples.server.unmanaged.HelloWorldResource.java from | ||
| # neo4j-server-examples under /examples/unmanaged, resulting in a final URL of | ||
| # http://localhost:7474/examples/unmanaged/helloworld/{nodeId} | ||
| #server.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged | ||
|
|
||
| # A comma separated list of procedures and user defined functions that are allowed | ||
| # full access to the database through unsupported/insecure internal APIs. | ||
| #dbms.security.procedures.unrestricted=my.extensions.example,my.procedures.* | ||
|
|
||
| # A comma separated list of procedures to be loaded by default. | ||
| # Leaving this unconfigured will load all procedures found. | ||
| #dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.*,gds.* | ||
|
|
||
| #******************************************************************** | ||
| # JVM Parameters | ||
| #******************************************************************** | ||
|
|
||
| # G1GC generally strikes a good balance between throughput and tail | ||
| # latency, without too much tuning. | ||
| server.jvm.additional=-XX:+UseG1GC | ||
|
|
||
| # Have common exceptions keep producing stack traces, so they can be | ||
| # debugged regardless of how often logs are rotated. | ||
| server.jvm.additional=-XX:-OmitStackTraceInFastThrow | ||
|
|
||
| # Make sure that `initmemory` is not only allocated, but committed to | ||
| # the process, before starting the database. This reduces memory | ||
| # fragmentation, increasing the effectiveness of transparent huge | ||
| # pages. It also reduces the possibility of seeing performance drop | ||
| # due to heap-growing GC events, where a decrease in available page | ||
| # cache leads to an increase in mean IO response time. | ||
| # Try reducing the heap memory, if this flag degrades performance. | ||
| server.jvm.additional=-XX:+AlwaysPreTouch | ||
|
|
||
| # Trust that non-static final fields are really final. | ||
| # This allows more optimizations and improves overall performance. | ||
| # NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or | ||
| # serialization to change the value of final fields! | ||
| server.jvm.additional=-XX:+UnlockExperimentalVMOptions | ||
| server.jvm.additional=-XX:+TrustFinalNonStaticFields | ||
|
|
||
| # Disable explicit garbage collection, which is occasionally invoked by the JDK itself. | ||
| server.jvm.additional=-XX:+DisableExplicitGC | ||
|
|
||
| # Restrict size of cached JDK buffers to 1 KB | ||
| server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024 | ||
|
|
||
| # More efficient buffer allocation in Netty by allowing direct no cleaner buffers. | ||
| server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true | ||
|
|
||
| # Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors. | ||
| # server.jvm.additional=-XX:+ExitOnOutOfMemoryError | ||
|
|
||
| # Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes. | ||
| # This is to protect the server from any potential passive eavesdropping. | ||
| server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 | ||
|
|
||
| # This mitigates a DDoS vector. | ||
| server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true | ||
|
|
||
| # Enable remote debugging | ||
| #server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 | ||
|
|
||
| # This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities. | ||
| # By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library. | ||
| # These defaults should only be modified by expert users! | ||
| # For more details (including filter syntax) see: https://openjdk.java.net/jeps/290 | ||
| #server.jvm.additional=-Djdk.serialFilter=java.**;org.neo4j.**;com.neo4j.**;com.hazelcast.**;net.sf.ehcache.Element;com.sun.proxy.*;org.openjdk.jmh.**;!* | ||
|
|
||
| # Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling. | ||
| server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256 | ||
|
|
||
| # Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results. | ||
| server.jvm.additional=-XX:+UnlockDiagnosticVMOptions | ||
| server.jvm.additional=-XX:+DebugNonSafepoints | ||
|
|
||
| # Open modules for neo4j to allow internal access | ||
| server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED | ||
| server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED | ||
| server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED | ||
|
|
||
| # Enable access to JDK vector API | ||
| # server.jvm.additional=--add-modules=jdk.incubator.vector | ||
|
|
||
| # Disable logging JMX endpoint. | ||
| server.jvm.additional=-Dlog4j2.disable.jmx=true | ||
|
|
||
| # Limit JVM metaspace and code cache to allow garbage collection. Used by cypher for code generation and may grow indefinitely unless constrained. | ||
| # Useful for memory constrained environments | ||
| #server.jvm.additional=-XX:MaxMetaspaceSize=1024m | ||
| #server.jvm.additional=-XX:ReservedCodeCacheSize=512m | ||
|
|
||
| # Allow big methods to be JIT compiled. | ||
| # Useful for big queries and big expressions where cypher code generation can create large methods. | ||
| #server.jvm.additional=-XX:-DontCompileHugeMethods | ||
|
|
||
| #******************************************************************** | ||
| # Wrapper Windows NT/2000/XP Service Properties | ||
| #******************************************************************** | ||
| # WARNING - Do not modify any of these properties when an application | ||
| # using this configuration file has been installed as a service. | ||
| # Please uninstall the service before modifying this section. The | ||
| # service can then be reinstalled. | ||
|
|
||
| # Name of the service | ||
| server.windows_service_name=neo4j | ||
|
|
||
| #******************************************************************** | ||
| # Other Neo4j system properties | ||
| #******************************************************************** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters