Encryption/trust can only be configured either through URL or config
linojon opened this issue · comments
not sure which grandstack project to post this. I ran into an error and neo4j support said its an issue in the grandstack code. Here's the thread
hi first time trying to connect to a new aura db getting this message "Error: Encryption/trust can only be configured either through URL or config, not both" I've tried uncommenting NEO4J_ENCRYPTED=true in .env file, same thing.
Using a GRANDstack project, pretty much default scripts.
12:34:09 api | D:\Documents\GrandStackProjects\grandnuggets\api\node_modules\neo4j-driver\lib\index.js:291
12:34:09 api | throw new Error('Encryption/trust can only be configured either through URL or config, not both');
12:34:09 api | ^
12:34:09 api |
12:34:09 api | Error: Encryption/trust can only be configured either through URL or config, not both
12:34:09 api | at Object.driver (D:\Documents\GrandStackProjects\grandnuggets\api\node_modules\neo4j-driver\lib\index.js:291:13)
12:34:09 api | at Object. (D:\Documents\GrandStackProjects\grandnuggets\api\src/index.js:39:22)
12:34:09 api | at Module._compile (internal/modules/cjs/loader.js:1137:30)
12:34:09 api | at Module._compile (D:\Documents\GrandStackProjects\grandnuggets\api\node_modules\pirates\lib\index.js:99:24)
12:34:09 api | at Module._extensions..js (internal/modules/cjs/loader.js:1157:10)
12:34:09 api | at Object.newLoader [as .js] (D:\Documents\GrandStackProjects\grandnuggets\api\node_modules\pirates\lib\index.js:104:7)
12:34:09 api | at Module.load (internal/modules/cjs/loader.js:985:32)
12:34:09 api | at Function.Module._load (internal/modules/cjs/loader.js:878:14)
12:34:09 api | at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
12:34:09 api | at Object. (D:\Documents\GrandStackProjects\grandnuggets\api\node_modules@babel\node\lib_babel-node.js:174:21)
12:34:09 api | [nodemon] app crashed - waiting for file changes before starting...
.env
NEO4J_URI=neo4j+s://d8f7f930.databases.neo4j.io
NEO4J_USER=neo4j
| Cory Waddingham (Neo4j Aura) Dec 11, 2020, 19:15 GMT+1 Hi Jonathan, Thanks for opening this from the community Slack conversation. What appears to be happening is that the GRANDStack is passing an encryption variable, which isn't needed when using the neo4j+s URI scheme. So whether encryption is set to True or False, it causes an error. However, changing the URI to use neo4j instead and setting NEO4J_ENCRYPTED=true allows it to connect successfully. Please try that and let us know if you run into any other issues. I'll also post this in Slack. Thanks, Cory |
|---|
@linojon agree this needs to be fixed to ease the startup process, but you can work-around this by setting the URL to be the neo4j:// form instead of the neo4j+s:// form for Aura. In Neo4j drivers, neo4j+s:// specifies to require SSL and a valid cert. In combination with neo4j-graphql-js using explicit encryption config, this is making the driver unhappy. Switching to a neo4j:// URL fixes immediately.
@moxious would this also solve this issue for seeding the db? Tried encryption, no encryption, but it doesn't "just work" out of the box
@whatSocks it might solve it. I think you can still use a bolt+routing:// URL instead of neo4j+s and it would probably work with encryption set to TRUE. Note that Aura always requires encryption on the connection. The only thing here is it can be confusing because the URL Aura tells people to use (neo4j+s) clashes with GRANDStack's requirements to separate set the encryption flag
To resolve this we've removed the option and associated environment variable to specify an encrypted driver connection. Instead, this should be specified by using the neo4j+s:// scheme in the Neo4j connection string.
Also, in the create-grandstack-app CLI the prompt for encrypted connection has been removed and this line added to indicate the neo4j+s:// scheme should be used instead.
...
? Enter the connection string for Neo4j
(use neo4j+s:// or bolt+s:// scheme for encryption):
...