Graylog binds to tcp6 when ipv4 address specified in http_bind_address

1. Describe your incident:
We’re Installing Graylog Open 6.0 in a two server configuration on a security hardened Oracle Linux 8 OS. When we start the graylog-server service, it binds to a tcp6 address even though we set http_bind_address to an ipv4 address.

2. Describe your environment:

  • OS Information:
    Oracle Linux 8 with security hardening applied (SELinux, firewalld)

  • Package Version: (RPMs installed locally - no internet access)
    graylog-server-6.0.7-1.x86_64.rpm
    mongodb-org-7.0.14-1.el8.x86_64.rpm
    opensearch-2.15.0-linux-x64.rpm

  • Service logs, configurations, and environment variables:

cat /etc/graylog/server/server.conf | grep http_bind_address
http_bind_address = 0.0.0.0:9000

netstat -tulpn | grep java
tcp6 0 0 :::9000 :::* LISTEN 1140387/java

3. What steps have you already taken to try and solve the problem?
Set SELinux to Permissive
Disabled ipv6

4. How can the community help?
Is there any way to coerce graylog-server to bind to tcp instead of tcp6?

It is probably an OS level issue, mixed with Java being weird, it does some weird stuff. This may help fix your issue Make Linux Prefer IPv4 | lkiesow::weblog

Thanks for the tip! Unfortunately, adjusting the getaddressinfo precedence did not work - it still binds to tcp6:

cat /etc/gai.conf
label ::1/128 0
label ::/0 1
label 2002::/16 2
label ::/96 3
label ::ffff:0:0/96 4
precedence ::1/128 50
precedence ::/0 40
precedence 2002::/16 30
precedence ::/96 20
precedence ::ffff:0:0/96 100

netstat -tulpn | grep java
tcp6 0 0 :::9000 :::* LISTEN 1950/java

Is it not working though on the v4 address, most modern OSs support dual stack and so although it says its ipv6 its actually listening on both?

It is in fact working/listening on both. There’s a different reason why we didn’t notice this earlier, but we were able to test it successfully on ipv4. Thanks a bunch for your assistance!