Unable to call grpc server hosted behind traefik reverse proxy

Question

I am facing a weird issue where I am unable to call gRPC server hosted behind traefik proxy running in a container with http/2 and a custom subdomain from asp.net 5 app also hosted in another container with another domain name mapped to it. I am getting the below error:

 Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: Connection timed out (subdomain:443) SocketException: Connection timed out", DebugException="System.Net.Http.HttpRequestException: Connection timed out (subdomain:443)

When I try to call the same hosted gRPC server from development docker-compose, it just works fine. I have tried different compositions of Uri address (scheme, host and port), both method provided by Microsoft on their website to call gRPC server (console and DI) and I have even tried to set the below AppContext to true but it seems like the hosted app is just unable to start the call.

 System.AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport");

The docker-compose of grpc server is:

version: '3'
networks:
  web:
   external: true
  internal:
   external: false
services:
  grpcservice:
    image: <imagename:tag>
    labels:
      - traefik.protocol=h2c
      - traefik.backend=grpcservice
      - traefik.frontend.rule=Host:<subdomain>
      - traefik.docker.network=web
      - traefik.port=9001
    networks:
      - internal
      - web
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - FilePath__FPath=<some file>
      - Auth0__Domain=<Domain>
      - Auth0__Audience=<Audience>
    restart: on-failure

The docker-compose of Asp.net 5 App is:

version: '3'
networks:
  web:
   external: true
  internal:
   external: false
services:
  aspapp:
    image: <imagename:tag>
    labels:
      - traefik.backend=aspapp
      - traefik.frontend.rule=Host:<domain>
      - traefik.docker.network=web
      - traefik.port=9000
    networks:
      - internal
      - web
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      <Auth0 envoirnment vairables>
    restart: on-failure

Traefik.toml configs are:

defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["Auth credentials"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

logLevel = "DEBUG"

[traefikLog]
  filePath = "traefik.log"
  format   = "json"

[docker]
domain = "domain"
watch = true
network = "web"

I am just unable to understand why there is a discrepancy in behaviour when I am accessing the same gRPC server from the hosted app and from local development container and how can I get around it?

Answer 1

It was just a stupid firewall issue that was blocking container out @ 443