This page contains workarounds for common issues and information on how to diagnose other issues.
- If the container does not start, or immediately stops, use
docker logs graph-explorerto check the container console logs for any related error messages that might provide guidance on why graph-explorer did not start. - If you are having issues connecting graph-explorer to your graph database, use your browser's Developer Tools feature to monitor both the browser console and network calls to determine if here are any errors related to connectivity.
If the default ports of 80 and 443 are already in use, you can use the -p flag
to change the ports to something else. The host machine ports are the first of
the two numbers. You can change those to whatever you want.
For example, if you want to use port 8080 and 4431, you can use the following command:
docker run -p 8080:80 -p 4431:443 \
--name graph-explorer \
--env HOST=localhost \
public.ecr.aws/neptune/graph-explorer
Which will result in the following URLs:
- HTTPS:
https://localhost:4431/explorer - HTTP:
http://localhost:8080/explorer
If you do not want to use SSL and HTTPS, you can disable it by setting the following environment variables:
PROXY_SERVER_HTTPS_CONNECTION=false
GRAPH_EXP_HTTPS_CONNECTION=false
These can be passed when creating the Docker container like so:
docker run -p 80:80 \
--name graph-explorer \
--env PROXY_SERVER_HTTPS_CONNECTION=false \
--env GRAPH_EXP_HTTPS_CONNECTION=false \
public.ecr.aws/neptune/graph-explorer
If either of the Graph Explorer or the proxy-server are served over an HTTPS connection (which it is by default), you will have to bypass the warning message from the browser due to the included certificate being a self-signed certificate.
You can bypass by manually ignoring them from the browser or downloading the correct certificate and configuring them to be trusted. Alternatively, you can provide your own certificate.
The following instructions can be used as an example to bypass the warnings for Chrome, but note that different browsers and operating systems will have slightly different steps.
- Download the certificate directly from the browser. For example, if using Google Chrome, click the “Not Secure” section on the left of the URL bar and select “Certificate is not valid” to show the certificate. Then click Details tab and click Export at the bottom.
- Once you have the certificate, you will need to trust it on your machine. For MacOS, you can open the Keychain Access app. Select System under System Keychains. Then go to File > Import Items... and import the certificate you downloaded in the previous step.
- Once imported, select the certificate and right-click to select "Get Info". Expand the Trust section, and change the value of "When using this certificate" to "Always Trust".
- You should now refresh the browser and see that you can proceed to open the application. For Chrome, the application will remain “Not Secure” due to the fact that this is a self-signed certificate. If you have trouble accessing Graph Explorer after completing the previous step and reloading the browser, consider running a docker restart command and refreshing the browser again.
Tip
To get rid of the “Not Secure” warning, see Using self-signed certificates on Chrome.
This can happen for many reasons. Below are a few of the common ones.
There are multiple sources of timeouts.
- Database server
- Networking layer (load balancer, proxy, etc)
- Browser
- Graph Explorer connection configuration
The error you receive in Graph Explorer can interpret Neptune timeout errors and timeouts from Graph Explorer's configuration.
This can happen when your database is very large. Graph Explorer does its best to support larger databases and is always improving. Please file an issue if you encounter this situation.
Communication between the client and proxy server can be configured in different ways. When Graph Explorer proxy server starts up it will print out its best approximation of the correct public proxy server address.
This can manifest as different types of errors depending on the root cause. You may receive 404 not found responses or get connection refused errors.
- The proxy server can be hosting HTTP or HTTPS
- The port of the proxy server could be the default (i.e. 80 or 443 with SSL) or a specific port provided through environment values
- The proxy server paths are not exposed by the networking layer (load balancer,
proxy, firewall, etc)
- The client is hosted at
/explorerby default, which is configurable - Queries are handled via
/gremlin,/opencypher,/sparql - Summary APIs are handled via
/summary,/pg/statistics/summary,/rdf/statistics/summary - Logging is handled by
/logger - Default connection is handled by
/defaultConnection
- The client is hosted at
Important
The paths listed here could always change in the future. If they do change, we will note that in the release notes.
Inside of Graph Explorer there is an option to export all the configuration data that Graph Explorer uses. This data is local to the user’s browser and does not exist on the server.
To gather the config data:
- Launch Graph Explorer
- Navigate to the connections screen
- Press the “Settings” button in the navigation bar
- Select the “General” page within settings
- Press the “Save Configuration” button
- Choose where to save the exported file
This backup can be restored using the “Load Configuration” button in the same settings page.
The Graph Explorer proxy server outputs log statements to standard out. By default, these logs will be forwarded to CloudWatch if the Notebook has the proper permissions.
To gather these logs:
- Open the AWS Console
- Navigate to the Neptune page
- Select “Notebook” from the sidebar
- Find the Notebook hosting Graph Explorer
- Open the details screen for that Notebook
- In the “Actions” menu, choose “View Details in SageMaker”
- Press the “View Logs” link in the SageMaker details screen under the field titled “Lifecycle configuration”
- Scroll down to the “Log Streams” panel in the CloudWatch details where you should find multiple log streams
- For each log stream related to Graph Explorer (LifecycleConfigOnStart.log,
graph-explorer.log)
- Open the log stream
- In the “Actions” menu, choose “Download search results (CSV)”
New Neptune Notebooks automatically apply the correct IAM permissions to write to CloudWatch. If your Notebook does not automatically create a graph-explorer.log in the CloudWatch Log Streams, then it is possible that the Neptune Notebook was created before those IAM permissions were added. You’ll need to add those permissions manually.
Below are examples of which IAM permissions you need for Graph Explorer.