Neo4j with a reverse proxy and NGINX

Posted 2019-02-28 05:13

Question:

I'm having trouble addressing Neo4j via a reverse proxy with NGINX.

The web client works without problems, but I have no idea about the Bolt protocol.

Here's how the web client works:

server {
    listen 80;
    server_name XXX;

    location / {
        proxy_pass http://YYY:7474/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering off;
    }
}

But how does the Bolt protocol over port 7687 work?

Thanks.

PS: Google translator ftw.

Answer 1:

You need to use nginx compiled with --with-stream. Then you can add the section below to your nginx config:

stream {
  server {
    listen 7687;
    proxy_pass neo4j:7687;
  }
}

Basically you need to use a TCP reverse proxy and not an HTTP proxy. The above configuration section goes at the top level and not inside an http or server block.



Answer 2:

You will need to open port 7687 between your laptop and the server hosting neo4j.

If you are using Let's Encrypt and try to connect through SSL: the neo4j embedded certificates were not signed by an authority, which was generating the error in my Chrome browser.

To make it work, I had to copy my certs into the neo4j certificates:

sudo su 
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert 
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key 
service neo4j restart
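
An added example, not part of either answer above: a full nginx.conf layout showing where the stream block from Answer 1 sits relative to the http server from the question, with nginx presenting the Let's Encrypt files named in Answer 2 on the Bolt port. It assumes nginx is also built with --with-stream_ssl_module and that Neo4j accepts unencrypted Bolt from the proxy; the 10.0.0.0/8 client range is a constructed placeholder.

```nginx
# Added example; XXX, YYY, MYDOMAIN and neo4j are the page's placeholders.
events {}

# Layer 7: the Neo4j web client, as in the question.
http {
    server {
        listen 80;
        server_name XXX;

        location / {
            proxy_pass http://YYY:7474/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_buffering off;
        }
    }
}

# Layer 4: Bolt is a binary protocol, so it is proxied as a raw TCP stream.
# This block is a sibling of http {}, never nested inside it.
stream {
    server {
        # Assumption: TLS ends at nginx, so clients see the Let's Encrypt
        # certificate and the private key is not copied into the Neo4j directory.
        listen 7687 ssl;
        ssl_certificate     /etc/letsencrypt/live/MYDOMAIN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/MYDOMAIN/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Constructed client range: only these sources may reach Bolt.
        allow 10.0.0.0/8;
        deny  all;

        proxy_connect_timeout 5s;
        proxy_timeout         10m;   # idle limit for long-lived driver sessions
        proxy_pass neo4j:7687;       # plain TCP to the Neo4j host
    }
}
```

Run `nginx -t` after editing to confirm the stream and ssl directives are recognised by the installed build; clients then need to connect to port 7687 with encryption enabled.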