Neo4j 2026 Community on Ubuntu 24.04 on Azure User Guide

Overview

This guide covers the deployment and configuration of Neo4j 2026 Community on Ubuntu 24.04 on Azure using cloudimg Azure Marketplace images. Neo4j is the world's most-deployed graph database — used in fraud detection, knowledge graphs, recommendation engines, and increasingly in RAG / agentic AI pipelines as the backing store for agent memory and entity-relationship reasoning. Neo4j switched to calendar versioning (CalVer) in 2025; the 2026.x line is the current production release.

The image installs Neo4j Community Edition from the official debian.neo4j.com APT repo (stable suite, latest component). The Neo4j daemon runs under OpenJDK 21. At first boot, neo4j-firstboot.service rotates the default neo4j/neo4j superuser password to a per-VM 32-char hex password using neo4j-admin dbms set-initial-password (run BEFORE Neo4j first starts — required by neo4j-admin), starts the database, and writes the password to /stage/scripts/neo4j-credentials.log (mode 0600 root only).

What is included:

• Neo4j Community Edition (latest 2026.x at build time, 2026.04.0) from the official Apache APT suite

• OpenJDK 21 JRE headless (Neo4j 5.21+ / 2026.x requires Java 21)

• neo4j.service systemd unit auto-starting on boot

• neo4j-firstboot.service systemd oneshot that rotates the neo4j superuser password and writes /stage/scripts/neo4j-credentials.log

• cypher-shell CLI for Cypher query execution

• Bolt protocol on TCP 7687, HTTP browser UI on 7474, HTTPS browser UI on 7473

• server.default_listen_address=0.0.0.0 so customers can reach the Browser UI from outside the VM (NSG enforces access)

• Data directory /var/lib/neo4j (NOT /mnt — Azure ephemeral resource disk does not survive SIG capture)

• Ubuntu 24.04 LTS base with latest security patches

• Azure Linux Agent for seamless cloud integration and SSH key injection

• 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

• An active Azure subscription, SSH public key, VNet + subnet in target region

• A subscription to the Neo4j 2026 Community on Ubuntu 24.04 listing on Azure Marketplace

Recommended virtual machine size: Standard_B2s (2 vCPU, 4 GB RAM) for development. Production graph workloads need Standard_E4s_v5 (4 vCPU, 32 GB RAM) or larger — Neo4j is heap-sensitive. Set dbms.memory.heap.max_size=8g and dbms.memory.pagecache.size=16g for production sizes.

Step 1: Deploy from the Azure Portal

Search Neo4j 2026 in Marketplace, select the cloudimg publisher entry, click Create.

NSG rules: TCP 22 from your management IP, TCP 7687 (Bolt) and TCP 7474 (HTTP browser) from your client IPs. Do not expose 7474 / 7687 to the public internet — front the browser with TLS at a reverse proxy or use HTTPS on 7473 with a real cert.

Step 2: Deploy from the Azure CLI

RG="neo4j-prod"; LOCATION="eastus"; VM_NAME="neo4j-01"
GALLERY_IMAGE_ID="/subscriptions/<sub-id>/resourceGroups/azure-cloudimg/providers/Microsoft.Compute/galleries/cloudimgGallery/images/neo4j-2026-ubuntu-24-04/versions/<version>"
SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
az group create --name "$RG" --location "$LOCATION"
az network vnet create -g "$RG" --name neo-vnet --address-prefix 10.99.0.0/16 --subnet-name neo-subnet --subnet-prefix 10.99.1.0/24
az network nsg create -g "$RG" --name neo-nsg
az network nsg rule create -g "$RG" --nsg-name neo-nsg --name allow-ssh --priority 100 \
  --source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 22 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name neo-nsg --name allow-bolt --priority 110 \
  --source-address-prefixes 10.99.0.0/16 --destination-port-ranges 7687 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name neo-nsg --name allow-http --priority 120 \
  --source-address-prefixes 10.99.0.0/16 --destination-port-ranges 7474 --access Allow --protocol Tcp
az vm create -g "$RG" --name "$VM_NAME" --image "$GALLERY_IMAGE_ID" \
  --size Standard_B2s --storage-sku StandardSSD_LRS \
  --admin-username azureuser --ssh-key-values "$SSH_KEY" \
  --vnet-name neo-vnet --subnet neo-subnet --nsg neo-nsg --public-ip-sku Standard

Step 3: Connect via SSH

ssh azureuser@<vm-ip>

Both neo4j.service and neo4j-firstboot.service run automatically.

Step 4: Verify the Neo4j Service

sudo systemctl status neo4j.service --no-pager
sudo test -f /var/lib/cloudimg/neo4j-firstboot.done && echo FIRSTBOOT_DONE
sudo ss -tln | grep -E '(7474|7687|7473)'

You should see all three listeners bound.

Step 5: Retrieve the neo4j Password

sudo cat /stage/scripts/neo4j-credentials.log

You will see:

NEO4J_USER=neo4j
NEO4J_PASSWORD=<NEO4J_PASSWORD>
NEO4J_BOLT_URL=bolt://localhost:7687
NEO4J_HTTP_URL=http://localhost:7474

Step 6: Connect with cypher-shell

PASS=$(sudo grep '^NEO4J_PASSWORD=' /stage/scripts/neo4j-credentials.log | cut -d= -f2-)
cypher-shell -a bolt://localhost:7687 -u neo4j -p "${PASS}"

At the neo4j@neo4j> prompt, run a couple of Cypher queries:

CALL dbms.components() YIELD name, versions WHERE name = 'Neo4j Kernel' RETURN versions[0];
CREATE (a:Person {name: 'Alice'})-[:KNOWS]->(b:Person {name: 'Bob'});
MATCH (a:Person)-[:KNOWS]->(b:Person) RETURN a.name, b.name;

Type :exit to leave the shell.

Step 7: Open the Neo4j Browser UI

Neo4j ships a browser-based query interface — Neo4j Browser — at http://<vm-ip>:7474/. From your workstation (assuming NSG allows TCP 7474):

open http://<vm-ip>:7474/

The login screen asks for the connection URL (default bolt://<vm-ip>:7687), username (neo4j), and the per-VM password from /stage/scripts/neo4j-credentials.log:

After logging in, the main Browser editor loads. The left sidebar has Database info, the top has the Cypher editor, and the bottom is the result frame:

Type :sysinfo in the editor and press Ctrl+Enter to see system info — version, store sizes, page cache, and active databases:

Step 8: Connect from a Remote Application

From any host on the same VNet with a Neo4j driver installed:

Python (pip install neo4j):

from neo4j import GraphDatabase
driver = GraphDatabase.driver("bolt://<vm-private-ip>:7687", auth=("neo4j", "<NEO4J_PASSWORD>"))
with driver.session() as s:
    result = s.run("MATCH (n) RETURN count(n) AS total")
    print(result.single()["total"])
driver.close()

Java, JavaScript, Go, .NET drivers: see https://neo4j.com/docs/. All use the Bolt protocol on port 7687.

Step 9: Server Components

/usr/bin/neo4j --version

Step 10: Managing the Neo4j Service

sudo systemctl status neo4j.service --no-pager
sudo systemctl restart neo4j.service
sudo tail -f /var/log/neo4j/neo4j.log
sudo neo4j-admin server console     # foreground for debugging

Step 11: Security Recommendations

• Rotate the neo4j superuser password with ALTER USER neo4j SET PASSWORD '<new>' in cypher-shell

• Restrict NSG so 7474 / 7687 only reach trusted client networks; never the public internet

• Enable HTTPS for browser by configuring server.https.enabled=true and providing real certs in /var/lib/neo4j/certificates/

• Use TLS for Bolt with dbms.connector.bolt.tls_level=REQUIRED and proper cert chains

• Create application users with CREATE USER app_user SET PASSWORD '<pwd>' instead of using neo4j superuser for app traffic

• Back up /var/lib/neo4j/data with neo4j-admin database backup on a schedule

• Patch the OS monthly with apt-get update && apt-get upgrade && reboot

Step 12: Support and Licensing

Neo4j Community Edition is licensed under GPL-3.0. There is no per-node, per-CPU, or per-GB fee. Neo4j Enterprise (with multi-replica clustering, hot backups, advanced security, and many more features) requires a paid commercial license from Neo4j Inc. — this image ships Community only.

cloudimg provides commercial support for this image separately from the upstream project.

• Email: support@cloudimg.co.uk

• Website: www.cloudimg.co.uk

• Support hours: 24/7 with guaranteed 24 hour response SLA

Deploy on Azure

Launch Neo4j 2026 Community on Ubuntu 24.04 with 24/7 support from cloudimg.

View on Marketplace

Need Help?

Our support team is available 24/7.

support@cloudimg.co.uk