无法调用托管在 traefik 反向代理后面的 grpc 服务器

Unable to call grpc server hosted behind traefik reverse proxy

我面临一个奇怪的问题,我无法在容器中调用 traefik 代理 运行 后面托管的 gRPC 服务器 http/2 和来自 asp.net 5 应用程序的自定义子域托管在另一个容器中,另一个容器映射到它。 我收到以下错误:

 Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: Connection timed out (subdomain:443) SocketException: Connection timed out", DebugException="System.Net.Http.HttpRequestException: Connection timed out (subdomain:443)

当我尝试从开发 docker-compose 调用相同的托管 gRPC 服务器时,它工作正常。 我尝试了不同的 Uri 地址组合(方案、主机和端口),这两种方法都是 Microsoft 在其网站上提供的调用 gRPC 服务器(控制台和 DI)的方法,我什至尝试将下面的 AppContext 设置为 true 但它看起来像托管应用无法开始通话。

 System.AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport");

grpc server的docker-compose为:

version: '3'
networks:
  web:
   external: true
  internal:
   external: false
services:
  grpcservice:
    image: <imagename:tag>
    labels:
      - traefik.protocol=h2c
      - traefik.backend=grpcservice
      - traefik.frontend.rule=Host:<subdomain>
      - traefik.docker.network=web
      - traefik.port=9001
    networks:
      - internal
      - web
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - FilePath__FPath=<some file>
      - Auth0__Domain=<Domain>
      - Auth0__Audience=<Audience>
    restart: on-failure

Asp.net 5 App 的 docker-compose 是:

version: '3'
networks:
  web:
   external: true
  internal:
   external: false
services:
  aspapp:
    image: <imagename:tag>
    labels:
      - traefik.backend=aspapp
      - traefik.frontend.rule=Host:<domain>
      - traefik.docker.network=web
      - traefik.port=9000
    networks:
      - internal
      - web
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      <Auth0 envoirnment vairables>
    restart: on-failure

Traefik.toml 配置为:

defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["Auth credentials"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "email"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

logLevel = "DEBUG"

[traefikLog]
  filePath = "traefik.log"
  format   = "json"

[docker]
domain = "domain"
watch = true
network = "web"

我只是无法理解为什么当我从托管应用程序和本地开发容器访问同一个 gRPC 服务器时会出现行为差异,我该如何解决?

这只是一个愚蠢的防火墙问题,阻止了容器 @ 443