API Failover Architecture¶

Клиентские приложения используют многоуровневый failover для доступа к API. Это обеспечивает работу даже при блокировке отдельных серверов.

Desktop / Android / iOS
         ↓
API Proxy Servers (11 шт)
         ↓
212.70.189.60:5011 → 10.99.87.249:8080 (backend)

Failover по платформам¶

Desktop (Rust)¶

Шаг	Источник	Детали
1	Hardcoded	`api_credentials.rs` — 9 endpoints
2	Firebase Remote Config	Параметр `apis2`
3	DNS TXT	`apis2.shiwa.se` — 12 endpoints
4	Reset	Возврат к hardcoded

Persistence отсутствует — при перезапуске начинает с hardcoded.

Android (Kotlin)¶

Шаг	Источник	Детали
1	Firebase Remote Config	Параметр `api_proxies`
2	DNS TXT	`shiwa.se`
3	Hardcoded	`Utils.kt` — 20 endpoints

Есть persistence (SharedPreferences proxyUrls). DNS-результат объединяется с hardcoded.

iOS (Swift)¶

Шаг	Источник	Детали
1	Параллельный race	`bootstrapEndpoints` — 12 endpoints
2	Saved + Firebase	Параметр `api_proxies`
3	DNS TXT	`shiwa.se`

Есть persistence (Storage.apiUrls). Retry до 10 раз при timeout/SSL. Параллельный race ускоряет старт.

DNS TXT Records¶

Каждая платформа использует свой домен и свой формат Base64-JSON:

Платформа	Домен	JSON формат
Desktop	`apis2.shiwa.se`	`[["ip:port", "domain"], ...]`
Android	`shiwa.se`	`["https://url", ...]`
iOS	`shiwa.se`	`["https://url", ...]`

Регистратор: GoDaddy (domaincontrol.com). DNS управление: Nikita/Max.

Проверка:

# Android/iOS
dig TXT shiwa.se +short | base64 -d

# Desktop
dig TXT apis2.shiwa.se +short | base64 -d

Firebase Remote Config¶

Платформа	Проект Firebase	Параметр	Кол-во endpoints
Desktop	`shiva-vpn-desktop`	`apis2` (основной)	12
Android	`shiva-android-915b0`	`api_proxies`	20
iOS	`shiva-vpn-ios`	`api_proxies`	8

API Proxy серверы (11 активных)¶

IP	Домен	Провайдер	Локация
212.70.189.60	api.shivavpn.io, api.shiva-app.io	—	Latvia (основной)
51.250.29.101	api.shivavpn.com	Yandex Cloud	Russia (WL)
212.111.86.181	api-v2.shivavpn.io	VK Cloud	Russia (WL)
45.151.30.246	—	SberCloud	Russia
88.210.53.146	—	VDSina	Netherlands
79.110.52.167	—	MonoVM	Netherlands
2.56.125.33	—	TheHosting	Poland
94.131.111.10	—	TheHosting	Germany
45.159.248.55	—	TheHosting	UK
45.67.231.125	—	TheHosting	Netherlands
5.181.21.90	—	TheHosting	Austria

Все proxy ведут на: 212.70.189.60:5011 → 10.99.87.249:8080

Текущие значения DNS TXT¶

`apis2.shiwa.se` (Desktop)¶

Формат: [["ip:port", "domain"], ...] → Base64

[
  ["51.250.29.101:443", "51.250.29.101.sslip.io"],
  ["212.111.86.181:443", "212.111.86.181.sslip.io"],
  ["45.151.30.246:443", "45.151.30.246.sslip.io"],
  ["51.250.29.101:443", "api.shivavpn.com"],
  ["212.111.86.181:443", "api-v2.shivavpn.io"],
  ["88.210.53.146:443", "88.210.53.146.sslip.io"],
  ["2.56.125.33:443", "2.56.125.33.sslip.io"],
  ["94.131.111.10:443", "94.131.111.10.sslip.io"],
  ["45.159.248.55:443", "45.159.248.55.sslip.io"],
  ["45.67.231.125:443", "45.67.231.125.sslip.io"],
  ["79.110.52.167:443", "79.110.52.167.sslip.io"],
  ["212.70.189.60:443", "api.shivavpn.io"],
  ["212.70.189.60:443", "api.shiva-app.io"]
]

`shiwa.se` (Android + iOS)¶

Формат: ["https://url", ...] → Base64

[
  "https://51.250.29.101.sslip.io",
  "https://212.111.86.181.sslip.io",
  "https://45.151.30.246.sslip.io",
  "https://api.shivavpn.com",
  "https://api-v2.shivavpn.io",
  "https://88.210.53.146.sslip.io",
  "https://2.56.125.33.sslip.io",
  "https://94.131.111.10.sslip.io",
  "https://45.159.248.55.sslip.io",
  "https://45.67.231.125.sslip.io",
  "https://79.110.52.167.sslip.io",
  "https://api.shivavpn.io",
  "https://api.shiva-app.io"
]

Регистратор: GoDaddy (domaincontrol.com). DNS управление: Nikita/Max.

Текущие значения Firebase Remote Config¶

Обновлено: 29.12.2025 (убрана мёртвая Литва, добавлен Сбер)

Firebase проекты¶

Проект	ID	Параметр	Платформа	Кол-во endpoints
Shiva VPN Desktop	`shiva-vpn-desktop`	`apis2` (основной), `apis`	Desktop (Rust)	13
Shiva VPN Android	`shiva-android-915b0`	`api_proxies`	Android (Kotlin)	20
Shiva VPN iOS	`shiva-vpn-ios`	`api_proxies`	iOS (Swift)	8

iOS недоукомплектован

iOS имеет только 5 endpoints в старом значении Firebase. Обновлённое значение (whitelist первыми) содержит 8.

Desktop `apis2`¶

[["51.250.29.101:443","51.250.29.101.sslip.io"],["212.111.86.181:443","212.111.86.181.sslip.io"],["45.151.30.246:443","45.151.30.246.sslip.io"],["88.210.53.146:443","88.210.53.146.sslip.io"],["2.56.125.33:443","2.56.125.33.sslip.io"],["94.131.111.10:443","94.131.111.10.sslip.io"],["45.159.248.55:443","45.159.248.55.sslip.io"],["45.67.231.125:443","45.67.231.125.sslip.io"],["79.110.52.167:443","79.110.52.167.sslip.io"],["212.70.189.60:443","api.shivavpn.io"],["212.70.189.60:443","api.shivavpn.com"],["212.70.189.60:443","api-v2.shivavpn.io"],["212.70.189.60:443","api.shiva-app.io"]]

Desktop `apis`¶

{"51.250.29.101.sslip.io":["51.250.29.101:443"],"212.111.86.181.sslip.io":["212.111.86.181:443"],"45.151.30.246.sslip.io":["45.151.30.246:443"],"88.210.53.146.sslip.io":["88.210.53.146:443"],"2.56.125.33.sslip.io":["2.56.125.33:443"],"94.131.111.10.sslip.io":["94.131.111.10:443"],"45.159.248.55.sslip.io":["45.159.248.55:443"],"45.67.231.125.sslip.io":["45.67.231.125:443"],"79.110.52.167.sslip.io":["79.110.52.167:443"],"api.shivavpn.io":["212.70.189.60:443"],"api.shivavpn.com":["212.70.189.60:443"],"api-v2.shivavpn.io":["212.70.189.60:443"],"api.shiva-app.io":["212.70.189.60:443"]}

Android `api_proxies`¶

["https://51.250.29.101.sslip.io","https://212.111.86.181.sslip.io","https://45.151.30.246.sslip.io","https://88.210.53.146","https://88.210.53.146.sslip.io","https://2.56.125.33","https://2.56.125.33.sslip.io","https://94.131.111.10","https://94.131.111.10.sslip.io","https://45.159.248.55","https://45.159.248.55.sslip.io","https://45.67.231.125","https://45.67.231.125.sslip.io","https://79.110.52.167","https://79.110.52.167.sslip.io","https://api.shivavpn.io","https://api.shivavpn.com","https://api-v2.shivavpn.io","https://api.shiva-app.io"]

iOS `api_proxies`¶

["https://51.250.29.101.sslip.io","https://212.111.86.181.sslip.io","https://45.151.30.246.sslip.io","https://2.56.125.33.sslip.io","https://88.210.53.146.sslip.io","https://94.131.111.10.sslip.io","https://45.67.231.125.sslip.io","https://45.159.248.55.sslip.io"]

DNS A записи для доменных endpoints¶

Домен	IP	Примечание
api.shivavpn.io	212.70.189.60	Основной, заблокирован в РФ
api.shivavpn.com	51.250.29.101	Yandex Cloud — whitelist RU
api-v2.shivavpn.io	212.111.86.181	VK Cloud — whitelist RU
api.shiva-app.io	212.70.189.60	Зеркало, работает в РФ

Добавление нового proxy (без изменения кода)¶

Нужно обновить 4 источника:

DNS TXT shiwa.se (Android + iOS)
DNS TXT apis2.shiwa.se (Desktop)
Firebase api_proxies (Android + iOS)
Firebase apis2 (Desktop)

Способ	Desktop	Android	iOS
DNS TXT `apis2.shiwa.se`	✅	—	—
DNS TXT `shiwa.se`	—	✅	✅
Firebase `apis2`	✅	—	—
Firebase `api_proxies`	—	✅	✅
DNS A records	—	✅	✅

Desktop игнорирует DNS A records (использует hardcoded IP).

Проверка proxy¶

# Один сервер
curl -I https://88.210.53.146.sslip.io/api/v1/config/ping
# Ожидается HTTP/2 401 (сервер работает, но требует авторизации)

# Все proxy
for ip in 51.250.29.101 212.111.86.181 45.151.30.246 88.210.53.146 2.56.125.33 94.131.111.10 45.159.248.55 45.67.231.125 79.110.52.167; do
  echo -n "$ip: "
  curl -s -o /dev/null -w "%{http_code}" --connect-timeout 3 "https://$ip.sslip.io/api/v1/config/ping"
  echo
done

Ключевые файлы по платформам¶

Файл	Платформа	Содержимое
`desktop-alpha/shiva-api/src/api_credentials.rs:45-98`	Desktop	Hardcoded endpoints
`desktop-alpha/shiva-api/src/request_sender.rs:62-89`	Desktop	Логика failover
`android-app/feature/core/src/main/java/.../Utils.kt:30-51`	Android	Hardcoded endpoints
`android-app/app/src/.../SplashViewModel.kt:80-128`	Android	Failover логика
`ios-app/Shiva/Shiva/.../ConstantsAPI.swift:22-35`	iOS	Bootstrap endpoints
`ios-app/Shiva/Shiva/.../APIFetcherService.swift:50-75`	iOS	Failover + retry

Ссылки¶

Inventory proxy-серверов: inventory/proxy-servers.json
Инвентаризация серверов: docs/infrastructure/server-inventory.md