This is Mike Weiss, I’m a Senior Quality Engineer with Progressive Leasing. About a month ago we started having issues reaching the Jenkins plugin update center at: https://updates.jenkins.io/update-center.json
Our firewall engineer has confirmed the traffic is getting dropped by our spam filter, and has said he can allow the traffic from 128.24.70.119 (the update server), however they need to know if it’s only that IP that needs to be allowed or if it’s any domain that is tied to that IP address. If any of you have an answer to that question I’d appreciate it.
I’m adding the answer publicly here (in addition to my answer to your email @mweissprog ) so it can be shared with other Jenkins users.:
The Jenkins Update Center has multiple public IPs which may change over time. We try to avoid the changes as much as possible of course but we can’t be 100% sure.
It is most probably the reason of the issue you have: only one of the IPs is allowed.
The reason is that Update Center is in fact a mirror redirector and usually emits an HTTP redirects to an update center mirror close to your location.
Good news though, we provide an API, a bit lik the “GitHub meta API” which shows the IPs in use and it is updated daily:
The command curl --silent https://reports.jenkins.io/infrastructure/latest/index.json | jq -r '.["[updates.jenkins.io](http://updates.jenkins.io)"].servers' shows the list of servers which have to be allowed with their IPv4 and IPv6.
You can use this API endpoint to at least retrieve the IPs to allow. And even better: automate the firewall updates
