HTTP API listener only listens on IPv4 interfaces by default, and multiple listeners for HTTP API are not supported

[iqolome]

Describe the bug

It is not possible to enable both IPv4 and IPV6 listening at 15671

Version

rabbitmq-server 3.9.13

Reproduction steps

1. fail 1

management.ssl.ip.1      = 0.0.0.0
management.ssl.ip.2      = ::

2. fail 2 startup fail

management.ssl.1      = 0.0.0.0:15671
management.ssl.2      = :::15671

2. fail 3 startup fail

management.ssl.ip     = 0.0.0.0
management.ssl.ip     = ::

2. fail 4 only ipv4

management.ssl.ip     = 0.0.0.0

2. fail 5 only ipv6

management.ssl.ip     =::

Expected behavior

RabbitMQ Management Plugin Listening on Dual Stack (Both IPv4 and IPv6) Interfaces

Additional context

No response

[iqolome]

RabbitMQ Management Plugin Listening on Dual Stack (Both IPv4 and IPv6) Interfaces

[dcorbacho]

RabbitMQ 3.9.x is out of support. Please check https://www.rabbitmq.com/release-information

[lukebakken]

@dcorbacho I re-opened and edited the issue title because the actual issue is more generic, and still affects RabbitMQ.

Currently, it is not possible to specify multiple TCP or TLS listeners for the management HTTP server. This is the first time I've seen this issue brought up.

cc @michaelklishin @mkuratczyk because you two may have input.

Related issues:

• Allow configuring multiple TCP listeners (non-TLS and TLS) rabbitmq-management#563
• https://www.pivotaltracker.com/story/show/135606833

[michaelklishin]

@lukebakken a quick test suggests that the HTTP API listener is different from the rest in a few ways, for example, it only listens on IPv4 interfaces by default while others listen on IPv6 (I suspect it's both stacks but lsof -p lists it as IPv6).

I do not recall this being a common request from paying customers or regular contributors, a much more common request is "please make sure everything works in IPv6-only environments", like we have seen for peer discovery recently.

Changing rabbitmq.conf schema one more time — and it is already complex and supports a couple of legacy formats — for the HTTP API sounds like a non-trivial hassle for little gain.
But what likely can be done relatively easily is listening on all interfaces (for both stacks)
while retaining the ability to override the port.

#2526 is for TLS client options, so I don't see how that's relevant here?

[lukebakken]

Whoops, 2526 must have been in my clipboard. I've edited my comment.

[iqolome]

@lukebakken a quick test suggests that the HTTP API listener is different from the rest in a few ways, for example, it only listens on IPv4 interfaces by default while others listen on IPv6 (I suspect it's both stacks but lists it as IPv6).lsof -p

I do not recall this being a common request from paying customers or regular contributors, a much more common request is "please make sure everything works in IPv6-only environments", like we have seen for peer discovery recently.

Changing schema one more time — and it is already complex and supports a couple of legacy formats — for the HTTP API sounds like a non-trivial hassle for little gain. But what likely can be done relatively easily is listening on all interfaces (for both stacks) while retaining the ability to override the port.rabbitmq.conf

#2526 is for TLS client options, so I don't see how that's relevant here?

I'm so sorry I didn't respond to the message in time, and I seem to have forgotten about it. My mailbox is always filled with all kinds of ads.

---

My initial requirement was to start the SSL protocol, listen to ipv4 and ipv6 at the same time, analyze the problem down,
Probably because of the configuration syntax limitations, this plugin itself supports both IPv4 and IPv6 listening.