
@corupta
Last active December 20, 2020 21:29
Create neo4j 4.0 deployment (run it in aws ec2 ubuntu)
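#!/usr/bin/env bash
# Provision Neo4j 4.0 plus the APOC plugin on an Ubuntu host (e.g. AWS EC2).
#
# Must run as root: besides apt, the script appends to /etc/neo4j/neo4j.conf
# and writes under /var/lib/neo4j, which a plain redirect cannot do through
# sudo on individual commands.
#
# Optional environment:
#   APOC_SHA256  expected SHA-256 of the APOC jar. When set, the download is
#                verified before it is placed in the plugins directory.
if [ "$(id -u)" -ne 0 ]; then
  echo 'This script must be run as root (e.g. via sudo).' >&2
  exit 1
fi

# Import the repository signing key. The key is downloaded to a file first so
# that a failed fetch is detected instead of feeding an empty stream to apt-key.
# NOTE(review): apt-key is deprecated on newer Debian/Ubuntu releases; a
# dedicated keyring referenced with signed-by= in the sources entry replaces it.
key_file=$(mktemp) || exit 1
if ! wget -O "$key_file" https://debian.neo4j.com/neotechnology.gpg.key; then
  rm -f -- "$key_file"
  echo 'Could not download the Neo4j repository key.' >&2
  exit 1
fi
apt-key add "$key_file"
rm -f -- "$key_file"

echo 'deb https://debian.neo4j.com stable 4.0' | tee /etc/apt/sources.list.d/neo4j.list
apt-get update
apt-get -y install neo4j || exit 1

cd /var/lib/neo4j/plugins || exit
apoc_jar=apoc-4.0.0.2-all.jar
# Download under a temporary name and rename afterwards: a re-run then
# overwrites the jar instead of leaving a second copy (wget's ".1" suffix)
# or a truncated file in the plugins directory.
if ! wget -O "${apoc_jar}.part" \
  "https://github.com/neo4j-contrib/neo4j-apoc-procedures/releases/download/4.0.0.2/${apoc_jar}"; then
  rm -f -- "${apoc_jar}.part"
  echo 'Could not download the APOC plugin.' >&2
  exit 1
fi
# The jar is loaded into the database process with unrestricted procedures
# (see below), so pin its digest when one is available.
if [ -n "${APOC_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$APOC_SHA256" "${apoc_jar}.part" | sha256sum -c -; then
    rm -f -- "${apoc_jar}.part"
    echo 'APOC plugin checksum mismatch; refusing to install it.' >&2
    exit 1
  fi
fi
mv -f -- "${apoc_jar}.part" "$apoc_jar"

# Append each setting only if the exact line is not present yet, so running
# the script again does not pile up duplicate entries.
#  - procedures.unrestricted=apoc.* gives every APOC procedure full access to
#    the database internals; list only the procedures that are needed where
#    that is possible.
#  - default_listen_address=0.0.0.0 binds the connectors to all interfaces;
#    limit who can reach Neo4j's HTTP/HTTPS/Bolt ports (7474/7473/7687 by
#    default) with the EC2 security group, and change the initial password
#    before opening them.
conf=/etc/neo4j/neo4j.conf
for setting in \
  'dbms.security.procedures.unrestricted=apoc.*' \
  'dbms.default_listen_address=0.0.0.0'; do
  grep -qxF -- "$setting" "$conf" || echo "$setting" >> "$conf"
done
service neo4j restart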
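# RESTART ON REBOOT PART
# Installs a small SysV control script (/etc/init.d/neo4j_ctl) and links it
# into the rc directories so Neo4j is started at boot and stopped at halt.
# NOTE(review): the next line places a copy of the neo4j launcher at
# /etc/init.d/neo4j; presumably that is what "service neo4j" resolves to on
# this image -- confirm it does not shadow the unit shipped by the package.
cp /usr/bin/neo4j /etc/init.d/neo4j
# A quoted here-document keeps $1, $0 and $OWNER literal in the generated file.
# OWNER is quoted at its use sites so an edited value cannot be word-split.
cat > /etc/init.d/neo4j_ctl <<'EOF'
#!/bin/sh
OWNER=root #Set to the owner of the Neo4j installation
case "$1" in
"start")
su - "$OWNER" -c "service neo4j start"
;;
"stop")
su - "$OWNER" -c "service neo4j stop"
;;
"restart")
su - "$OWNER" -c "service neo4j restart"
;;
*)
echo "Usage: $0 { start | stop | restart }"
exit 1
;;
esac
exit 0
EOF
# Owner may execute; group and others may only read. The script is run by
# init as root, so nobody else needs the execute bit.
chmod 744 /etc/init.d/neo4j_ctl
# export RUNLEVEL_STR="$(/sbin/runlevel)"
# export RUNLEVEL="${RUNLEVEL//[!0-9]/}"
# ln -s /etc/init.d/neo4j_ctl "/etc/rc${RUNLEVEL}.d/S40neo4j_ctl"
# -f/-n replace an existing link, so a second run does not fail with
# "File exists".
# NOTE(review): Debian/Ubuntu traditionally boot into runlevel 2; confirm that
# the rc3.d/rc5.d links are honoured on the target image.
ln -sfn /etc/init.d/neo4j_ctl /etc/rc3.d/S40neo4j_ctl
ln -sfn /etc/init.d/neo4j_ctl /etc/rc5.d/S40neo4j_ctl
ln -sfn /etc/init.d/neo4j_ctl /etc/rc0.d/K30neo4j_ctl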
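# SSL PART
# Installs certbot and generates /home/ubuntu/ssl-neo4j.sh, a helper to be run
# by hand after "sudo certbot certonly" has issued a certificate.
# -y on every install step: without it apt-get and add-apt-repository stop
# for confirmation, which blocks or aborts an unattended run.
# NOTE(review): the certbot PPA has been deprecated upstream; confirm it still
# serves the target Ubuntu release.
apt-get update
apt-get install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get install -y certbot
# Notes on the generated helper:
#  - It runs as the login user and elevates per command, so the append to
#    /etc/neo4j/neo4j.conf goes through "sudo tee -a" (a plain ">>" is opened
#    by the unprivileged shell and fails) and the restart goes through sudo.
#  - "cd ... || exit 1" stops the helper before the mv/ln steps can act on
#    whatever directory it happened to be started from.
#  - ln -sfn lets the helper be run again after a renewal or domain change.
#  - NOTE(review): the chgrp/chmod lines give the neo4j group read access to
#    everything under /etc/letsencrypt, including account keys and the
#    private keys of any other domain on the host. Narrowing them to the
#    live/ and archive/ entries of MY_DOMAIN would be the least-privilege form.
#  - NOTE(review): dbms.connectors.default_advertised_address looks like the
#    pre-4.0 spelling (the install part uses dbms.default_listen_address);
#    confirm the key against the 4.0 configuration reference.
#  - Each run appends the settings block again; run it once per host or remove
#    the earlier block from neo4j.conf first.
cat > /home/ubuntu/ssl-neo4j.sh <<'SCRIPT'
#!/usr/bin/env bash
# run "sudo certbot certonly" to obtain ssl certificates, afterwards run /home/ubuntu/ssl-neo4j.sh
sudo chgrp -R neo4j /etc/letsencrypt/*
sudo chmod -R g+rx /etc/letsencrypt/*
cd /var/lib/neo4j/certificates || exit 1
sudo mkdir -p revoked trusted bak/trusted bak/revoked
sudo mv neo4j.* bak
sudo mv trusted/neo4j.* bak/trusted
sudo mv revoked/neo4j.* bak/revoked
export MY_DOMAIN=graph.somehost.com
sudo ln -sfn "/etc/letsencrypt/live/$MY_DOMAIN/fullchain.pem" neo4j.cert
sudo ln -sfn "/etc/letsencrypt/live/$MY_DOMAIN/privkey.pem" neo4j.key
sudo ln -sfn "/etc/letsencrypt/live/$MY_DOMAIN/fullchain.pem" trusted/neo4j.cert
sudo tee -a /etc/neo4j/neo4j.conf > /dev/null <<EOF

dbms.connector.https.enabled=true
# need something else to do to make bolt tls work too
bolt.ssl_policy=default
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=/var/lib/neo4j/certificates
dbms.ssl.policy.bolt.allow_key_generation=false
dbms.ssl.policy.bolt.private_key=/var/lib/neo4j/certificates/neo4j.key
dbms.ssl.policy.bolt.public_certificate=/var/lib/neo4j/certificates/neo4j.cert
dbms.ssl.policy.bolt.revoked_dir=/var/lib/neo4j/certificates/revoked
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=/var/lib/neo4j/certificates
dbms.ssl.policy.https.allow_key_generation=false
dbms.ssl.policy.https.private_key=/var/lib/neo4j/certificates/neo4j.key
dbms.ssl.policy.https.public_certificate=/var/lib/neo4j/certificates/neo4j.cert
dbms.ssl.policy.https.revoked_dir=/var/lib/neo4j/certificates/revoked
dbms.ssl.policy.https.client_auth=NONE
dbms.connectors.default_advertised_address=$MY_DOMAIN

EOF
sudo service neo4j restart
SCRIPT
chmod +x /home/ubuntu/ssl-neo4j.sh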