Wanted to setup a server at Vultr using my Laravel Forge account for a new WordPress customer of mine. Recommended Vultr as they are well represented in Australia. For this API key to work Vultr asks you to add the subnet of the location where the request comes from.
Laravel Forge’s Subnet
Had a real hard time finding the proper subnet or CIDR as I wrote at the Laracasts forum:
Vultr asks for a subnet, not an ip address. Seems Laravel Forge is on a Cloudflare ip range, but when I added it 104.26.0.0/20 I somehow still got blocked so I must be doing something wrong. Then I checked some again and via https://urlscan.io/ip/104.26.12.100 I saw the CIDR 104.16.0.0/12 and tried. No joy yet either. Then I found https://forge.helpscoutdocs.com/article/11-what-ip-addresses-do-i-need-to-whitelist-for-forge-to-have-access-to-my-server and added a CIDR for these two mentioned ip addresses: 159.203.0.0/16 and it still failed..
So I decided to look for help at the source..
Laravel Forge
I decided to ask Laravel Forge itself via their HelpScout Chat function and was told by Taylor himself that they normally request to accept requests from any endpoint to make this work.
Vultr and API Security
Vultr really discourages this from their security standpoint of view. They mention this when you are about to allow all ipv4 addresses to access the API
Are you sure you want to allow access from any IPv4 address? We recommend using a strict list of allowed hosts, in order to ensure the security of your account.
My Point of View
Of course when you have a solid API key and take well care of this it should not be a real issue. On the other hand, filtering on ip subnet and disallowing all the other blocks does save you a load of probes.
There is however an alternative way. You can temporarily allow full access, set up the server and then remove it all again.
All Access Test
We did an all access test and still had an error 400 or error meaning API location was not allowed. Decided to check current regions allowed
curl -H 'API-Key: xxxxxxxxxxxxxxxxx' https://api.vultr.com/v1/regions/list
{"6":{"DCID":"6","name":"Atlanta","country":"US","continent":"North America","state":"GA","ddos_protection":false,"block_storage":false,"regioncode":"ATL"},"2":{"DCID":"2","name":"Chicago","country":"US","continent":"North America","state":"IL","ddos_protection":true,"block_storage":false,"regioncode":"ORD"},"3":{"DCID":"3","name":"Dallas","country":"US","continent":"North America","state":"TX","ddos_protection":true,"block_storage":false,"regioncode":"DFW"},"5":{"DCID":"5","name":"Los Angeles","country":"US","continent":"North America","state":"CA","ddos_protection":true,"block_storage":false,"regioncode":"LAX"},"39":{"DCID":"39","name":"Miami","country":"US","continent":"North America","state":"FL","ddos_protection":true,"block_storage":false,"regioncode":"MIA"},"1":{"DCID":"1","name":"New Jersey","country":"US","continent":"North America","state":"NJ","ddos_protection":true,"block_storage":true,"regioncode":"EWR"},"4":{"DCID":"4","name":"Seattle","country":"US","continent":"North America","state":"WA","ddos_protection":true,"block_storage":false,"regioncode":"SEA"},"12":{"DCID":"12","name":"Silicon Valley","country":"US","continent":"North America","state":"CA","ddos_protection":true,"block_storage":false,"regioncode":"SJC"},"40":{"DCID":"40","name":"Singapore","country":"SG","continent":"Asia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"SGP"},"7":{"DCID":"7","name":"Amsterdam","country":"NL","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"AMS"},"25":{"DCID":"25","name":"Tokyo","country":"JP","continent":"Asia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"NRT"},"8":{"DCID":"8","name":"London","country":"GB","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"LHR"},"24":{"DCID":"24","name":"Paris","country":"FR","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"CDG"},"9":{"DCID":"9","name":"Frankfurt","country":"DE","continent":"Europe","state":"","ddos_protection":true,"block_storage":false,"regioncode":"FRA"},"22":{"DCID":"22","name":"Toronto","country":"CA","continent":"North America","state":"","ddos_protection":false,"block_storage":false,"regioncode":"YTO"},"19":{"DCID":"19","name":"Sydney","country":"AU","continent":"Australia","state":"","ddos_protection":false,"block_storage":false,"regioncode":"SYD"}}%
And I did see Sydney there listed still as it should with DCID 19.
When I compared that to the request by Laravel Forge that seemed fine
{provider: "vultr", credential: 63183, name: "sm-prod", size: "01", region: "19", nodeBalancer: false,…}
aws_subnet_id: ""
aws_vpc_id: ""
aws_vpc_name: ""
backups: false
credential: 63183
database: "forge"
database_type: "mysql"
ip_address: ""
name: "xx-prod"
nodeBalancer: false
php_version: "php73"
private_ip_address: ""
provider: "vultr"
recipe: ""
region: "19"
size: "01"
ssh_port: 22
timezone: "Asia/Jakarta"
Vultr Ticket
So we opened a ticket with them. Perhaps the old API settings still lingered? They initially simply mentioned this was an issue outside their network, but the fact that despite opening up to all I still kept getting an error 400 which means
Invalid API location. Check the URL that you are using.
And that could no longer be the case.
No Payment Method, No Deployments
Then checking the account status I saw that a payment method had not been added… And without it you cannot deploy servers!
You are almost ready to deploy servers – please link a payment method to get started!
So that was the issue. Once we had that taken care of all was fine and we could deploy from Laravel Forge
