How can I access a container instance that has a private IP?

Ruud Rotte 20 Reputation points
2025-05-24T14:04:30.09+00:00

Hi!

I have a container instance running an image of a Neo4j database. I don't want to expose my Neo4j to the public internet, but I want to be able to use the Neo4j browser to verify the data or execute queries on the spot. For this I need to be able to make a connection to my private network.

So my problem is as follows:

  • I cannot access my container if I don't give my container a public IP
  • If I give my container a public IP it is exposed

Is there a way to set up Azure Bastion or something else to securely access my Neo4j and keep the IP of Neo4j private?

Azure Container Instances
An Azure service that provides customers with a serverless container experience.

Accepted answer
  1. Marcin Policht 49,640 Reputation points MVP Volunteer Moderator
    2025-05-25T05:34:48.0666667+00:00

    Yep, your use case is a fairly common scenario - here are a few options that rely on having Azure Container Instance deployed into an Azure VNet:

    Option 1: Azure Bastion + Jump Host

    If you want browser access to Neo4j Browser (which uses HTTP/WebSockets):

    1. Create a VM (Jump Host) inside the same VNet as your container.
    2. Install a lightweight browser or use ssh -L port forwarding from this VM.
    3. Access Neo4j from the VM’s browser locally.

    Option 2: Private endpoint + Azure VPN or ExpressRoute

    If you have an on-prem network or local dev environment and want to access Neo4j from there:

    1. Deploy the ACI in a VNet.
    2. Set up a VPN Gateway or ExpressRoute to your Azure VNet.
    3. Connect to Neo4j’s private IP over the VPN from your local environment.

    Option 3: Use Azure Application Gateway or Azure Firewall with IP Restrictions

    If browser access is a must and you can't set up a VPN or jump host:

    1. Deploy an Application Gateway or Azure Firewall in front of your container.
    2. Restrict access to only your office IP or specific IP ranges.
    3. Expose only necessary ports (7474 for HTTP, 7687 for Bolt if needed).
    4. Use Web Application Firewall (WAF) to add security.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.
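
The `ssh -L` forwarding from Option 1, as an added example that is not part of the original answer: it builds the tunnel command for both Neo4j ports named above, binds the forwards to loopback only, and refuses a target that is not a private address. The jump host name, user and container IP are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample values: jump host azureuser@jump.example.internal,
# container private IP 10.0.1.4. Ports are the ones named in the answer.
NEO4J_HTTP_PORT=7474   # Neo4j Browser over HTTP
NEO4J_BOLT_PORT=7687   # Bolt

# Succeeds only for a well-formed RFC 1918 IPv4 address.
is_private_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ]; return $? ;;
        192) [ "$2" -eq 168 ]; return $? ;;
    esac
    return 1
}

# Prints the ssh command; refuses a target that is not a private address.
build_tunnel_cmd() {
    jump=$1; target=$2
    is_private_ipv4 "$target" || {
        echo "refusing: $target is not an RFC 1918 address" >&2
        return 1
    }
    printf 'ssh -N -o ExitOnForwardFailure=yes'
    for port in "$NEO4J_HTTP_PORT" "$NEO4J_BOLT_PORT"; do
        # Bind to loopback so the forward is not reachable from the workstation's LAN.
        printf ' -L 127.0.0.1:%s:%s:%s' "$port" "$target" "$port"
    done
    printf ' %s\n' "$jump"
}

build_tunnel_cmd azureuser@jump.example.internal 10.0.1.4
```

With the printed command running, Neo4j Browser is reachable at http://localhost:7474 and connects to bolt://localhost:7687, while the container keeps only its private IP.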
