gRPC bidirectional stream via proxied domain

I’ve been working on a service which uses gRPC bidirectional stream to upload files in chunks to my server. The proof-of-concept version of my application works OK if i don’t place it behind a “proxied” (orange-cloud) DNS record. If i do the upload stops in various places and the client fails with Received RST_STREAM with error code 2 after 60 seconds of waiting.

To reproduce the issue, i’ve created a minimal example here: GitHub - nothingam/grpc-hash-service . It’s a client-service architecture using bidi streams, where clients can send variable amount of data and the server side calculates its hash and responds back. It behaves the same as my original code: client randomly stops after sending a HashRequest and i can’t even see the request on the server side. Client fails receiving the next HashReponse after 60 seconds of waiting.
If i turn off “proxy-ing” it works OK.

Hi there,

Cloudflare has a 60-second idle timeout, after which it will terminate a connection if no data is sent. I suggest adjusting your server’s keepalive settings to send pings more frequently or apply keepalive at the application-level to ensure the connection doesn’t time out.

Take care.


Thanks for you response.

It doesn’t seem to be a ‘timeout issue’ or it shouldn’t be a least. There should be traffic on the channel (in both ways) all the time. It shouldn’t stop.

Hi there,

Have you checked if the requirements are met?

Your gRPC endpoint must listen on port 443.
Your gRPC endpoint must support TLS and HTTP/2.
HTTP/2 must be advertised over ALPN.
Use application/grpc or application/grpc+<message type (for example: application/grpc+proto) for the Content-Type header of gRPC requests.
Make sure that the hostname that hosts your gRPC endpoint: - Is set to proxied - Uses at least the Full SSL/TLS encryption mode.

Take care.


Yep, they’re all set according to that page.
However it works if the host is in ‘not-proxied’ status.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.