search

rabbitmq / rabbitmq-server

Open source RabbitMQ: core server and tier 1 (built-in) plugins
https://www.rabbitmq.com/
Other
12.14k stars 3.9k forks source link

HTTP API listener only listens on IPv4 interfaces by default, and multiple listeners for HTTP API are not supported #11526

Open iqolome opened 3 months ago

iqolome commented 3 months ago

Describe the bug

It is not possible to enable both IPv4 and IPV6 listening at 15671

Version

rabbitmq-server 3.9.13

Reproduction steps

  1. fail 1
management.ssl.ip.1      = 0.0.0.0
management.ssl.ip.2      = ::

  1. fail 2 startup fail

    management.ssl.1      = 0.0.0.0:15671
management.ssl.2      = :::15671

  2. fail 3 startup fail

    management.ssl.ip     = 0.0.0.0
management.ssl.ip     = ::

  3. fail 4 only ipv4 

    management.ssl.ip     = 0.0.0.0

  4. fail 5 only ipv6

    management.ssl.ip     =::

Expected behavior

RabbitMQ Management Plugin Listening on Dual Stack (Both IPv4 and IPv6) Interfaces

Additional context

No response

iqolome commented 3 months ago

RabbitMQ Management Plugin Listening on Dual Stack (Both IPv4 and IPv6) Interfaces

dcorbacho commented 2 months ago

RabbitMQ 3.9.x is out of support. Please check https://www.rabbitmq.com/release-information

lukebakken commented 2 months ago

@dcorbacho I re-opened and edited the issue title because the actual issue is more generic, and still affects RabbitMQ.

Currently, it is not possible to specify multiple TCP or TLS listeners for the management HTTP server. This is the first time I've seen this issue brought up.

cc @michaelklishin @mkuratczyk because you two may have input.

Related issues:

michaelklishin commented 2 months ago

@lukebakken a quick test suggests that the HTTP API listener is different from the rest in a few ways, for example, it only listens on IPv4 interfaces by default while others listen on IPv6 (I suspect it's both stacks but lsof -p lists it as IPv6).

I do not recall this being a common request from paying customers or regular contributors, a much more common request is "please make sure everything works in IPv6-only environments", like we have seen for peer discovery recently.

Changing rabbitmq.conf schema one more time — and it is already complex and supports a couple of legacy formats — for the HTTP API sounds like a non-trivial hassle for little gain. But what likely can be done relatively easily is listening on all interfaces (for both stacks) while retaining the ability to override the port.

2526 is for TLS client options, so I don't see how that's relevant here?

lukebakken commented 2 months ago

Whoops, 2526 must have been in my clipboard. I've edited my comment.