Suggestion: a public list of the IP addresses of the shields.io servers

[Changaco]

It seems that shields.io was recently moved to different servers, which resulted in Liberapay badges not working anymore, because the API requests coming from the new servers were being blocked by a firewall. A public and up-to-date list of the IP addresses of shields.io servers, similar to Cloudflare's list, could be used to ensure that requests for data used to generate badges aren't unintentionally blocked.

[PyvesB]

Hello @Changaco ! 👋🏻

Sorry to hear about these issues! Heroku has stopped sponsoring us recently, which has put Shields.io in a difficult position. I believe that @chris48s is experimenting with a new host provider over the course of the weekend, this may well explain your observations here and in #7573. This is only temporary for the time being, we'll communicate more widely about any changes and document the IP ranges of our hypothetical new host once we come to a final decision. 😉

[chris48s]

Yes. Today Shields is hosted on DigitalOcean App Platform but I'm going to move everything back to Heroku again in the next couple of days.

Just to give a bit more background on why this is happening and why it is happening now:

For the last year or two Shields has been hosted on Heroku and the nice folks at Heroku had been sponsoring us with platform credits. This has been a great arrangement for us. We appreciated the sponsorship and Heroku has been a great platform for us. As of January this year, Heroku have withdrawn their sponsorship. No bad blood, but as of this month we're paying the Heorku bill in full.

We have a pretty good buffer in OpenCollective, so we can continue doing this in the short term but fundamentally our monthly Heroku costs are higher than the amount of donations that come in each month so it is not a sustainable position in the long term. We're now evaluating other options. We need to either move to a cheaper platform where we can cover the monthly costs ourselves from OC donations on an ongoing basis, or we need to find another platform willing to sponsor us. Staying on Heroku and covering the costs is not a viable option in the long term.

This weekend I've been collecting some data on what kind of setup we need on DO App Platform to serve our production workload. We're probably going to do a similar test for a few days with fly.io at some point too. The exact scheduling of these events is going to be a bit ad-hoc. Shields is a volunteer-run project and these experiments are going to happen when someone on the core team has the time and energy to do it and that may not be entirely predictable. We'll try to minimise disruption as much as possible but there may be one or two bumps in the road unfortunately :(

At some point in future shields is likely to move permanently to a new host, but at the moment we don't know where/when.

---

Anyhoo...

In general, we don't recommend upstream APIs allow/deny traffic from us or apply/lift a rate limit based on IP addresses/ranges as these are subject to change (even within Heroku we have no input on what IPs traffic is going to come from - Heroku could change that and its outside our control). Since our move to Heroku we no longer publish this info in the repo. Tbh, I thought we had no more services doing this, but it seems not :(
If you want to allow us to connect to your API or give us a higher/lower rate limit than other users, the ideal solution for us would be that you issue us a key or token we can connect with and apply/lift limits based on that instead of using IP ranges. Would this be a viable solution for you/liberapay? That would remove this issue and is the approach we use with all other services we pull data from.

Cheers

[calebcartwright]

Going to close as the topic appears to have been resolved