The IP address of my server on Vercel has been blocked in my country

Help
1

Hello Vercel Support,
I need urgent technical assistance. My domain theame.ru is attached to a Vercel project (theame-volggas-projects-6eb1c42d.vercel.app). I’ve been trying to make the domain reliably accessible from Russia for a week; my business is effectively blocked and I’ve exhausted simple workarounds. I wanted to give you full context and the exact steps we tried so you can advise the fastest correct way to resolve this (or make a small change on the Vercel side).
Short summary / ask
I want theame.ru to serve as the primary domain for my Vercel project and be accessible to users in Russia.
Because some Vercel IPs are partially blocked in Russia, I tried to keep the site deployed on Vercel but proxy traffic through my own VPS (Moscow) so Russian users hit the VPS and the VPS fetches content from Vercel.
That proxy flow triggers Vercel-side mitigation: requests proxied from my VPS receive 403 + x-vercel-challenge-token or redirect to the .vercel.app host. I need help either:
Advising exact DNS / nameserver configuration so Vercel will accept the domain without triggering the challenge when proxied; or
Guiding how to authorize/whitelist my VPS (IP 94.103.84.28) as a trusted forwarder/proxy/origin so proxying traffic does not trigger challenge/403 (or explaining why this is not possible and the recommended alternative).
I am ready to dedicate my VPS for tests and provide logs, curl output, or temporary SSH for troubleshooting.
Full chronology + technical details (what we did & observed)
Domain / registrar / DNS
Domain: theame.ru (registered at REG.RU).
At various times DNS returned different IPs:
64.29.17.65 and 216.198.79.65 (old values seen before changes).
I temporarily tested 89.111.222.33 (my mistake — it was an incorrect IP during testing).
VPS real IP (where nginx runs): 94.103.84.28 (Moscow, VDSina).
Vercel recommended A example shown in dashboard: 216.198.79.1 (screenshot in dashboard).
Initially the domain used Vercel nameservers (ns1.vercel-dns.com / ns2.vercel-dns.com). We later managed DNS in Vercel panel and added A records pointing to my VPS while removing the Vercel ALIAS records.
VPS / nginx / proxy
VPS OS: Ubuntu 24.04.
Nginx installed and used as reverse-proxy to Vercel. Key excerpts of the final nginx config we used (file: /etc/nginx/sites-available/theame.ru):

HTTP → redirect to HTTPS and ACME-challenge served

server {
listen 80;
server_name theame.ru www.theame.ru;
location /.well-known/acme-challenge/ { root /var/www/html; }
return 301 https://theame.ru$request_uri;
}

HTTPS main server (proxy to Vercel)

server {
listen 443 ssl http2;
server_name theame.ru;
ssl_certificate /etc/letsencrypt/live/theame.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/theame.ru/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
resolver 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
set $vercel_upstream https://theame-volggas-projects-6eb1c42d.vercel.app;
# keep Host as theame.ru for outward requests to avoid redirect on Vercel,
# but use SNI for TLS handshake to vercel upstream
proxy_set_header Host theame.ru;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_ssl_name theame-volggas-projects-6eb1c42d.vercel.app;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_pass $vercel_upstream;
}
}
Let’s Encrypt / Certbot
Because I needed HTTPS on the VPS side, I used Certbot (webroot) and successfully obtained certificates:
/etc/letsencrypt/live/theame.ru/fullchain.pem (issued and saved)
Certificate successfully deployed to nginx.
Certbot output: Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/theame.ru/fullchain.pem … This certificate expires on 2026-01-22. Certbot has set up a scheduled task to automatically renew this certificate.
Errors / Vercel responses observed
When I proxied traffic to Vercel with the above config, curl to https://theame.ru returned:
HTTP/2 403
server: nginx/1.24.0 (Ubuntu)
x-vercel-challenge-token: <…>
x-vercel-id: arn1::…
x-vercel-mitigated: challenge
This indicates Vercel’s mitigation/challenge mechanism triggering when requests come from my VPS IP.
At other times, if Host header or proxy_set_header was not set as desired, Vercel redirected to:
https://theame-volggas-projects-6eb1c42d.vercel.app/ — which breaks the desired canonical domain.
Manual tests / diagnostic commands (examples I ran from the VPS)
dig +short theame.ru → returned the current DNS A (should report VPS IP if configured that way)
curl -I https://theame.ru → returned HTTP/2 403 + x-vercel-challenge-token (as above)
curl -I https://theame-volggas-projects-6eb1c42d.vercel.app → reachable from VPS (Vercel responds)
sudo nginx -t → config OK
sudo systemctl status nginx → nginx active and listening on 0.0.0.0:80/443
What I tried to fix this (summary)
Replaced Vercel ALIAS records with A records pointing to my VPS in the Vercel DNS panel so the domain resolves to my VPS.
Adjusted proxy_set_header Host (I tried both theame.ru and theame-volggas-projects-…vercel.app) and used proxy_ssl_name to ensure SNI to Vercel upstream is the vercel project domain.
Successfully issued HTTPS certs on VPS with Certbot.
Verified that nginx is listening on ports and that externally curl timed out earlier (this was solved after correcting DNS to point to the VPS IP and adjusting VDSina firewall settings).
Despite all adjustments, Vercel still returns 403 + challenge for proxied requests from my VPS IP.
Requests / questions for Vercel support
Please could you advise / do one of the following:
Exact DNS/nameserver guidance
If Vercel requires me to set NS to ns1.vercel-dns.com / ns2.vercel-dns.com (or a specific set), tell me exactly which records should exist at the registrar (REG.RU) so the domain is validated/accepted and Vercel will stop issuing a challenge when traffic is proxied from a verified forwarder. Screenshots show Vercel suggested A @ 216.198.79.1 in my dashboard; please confirm the exact authoritative values to add at REG.RU so we can finalize DNS.
Authorize my VPS as trusted forwarder/proxy
If Vercel provides a way to authorize an origin/proxy IP (e.g., whitelist or “trusted forwarder” option), please provide the steps to register IP 94.103.84.28 (Moscow). I can provide request logs, curl outputs, or temporary SSH access for you to reproduce the issue from my VPS. This will allow VPS → Vercel proxy without the challenge.
If Vercel prefers DNS under Vercel
If the intended solution is to manage DNS entirely at Vercel (nameservers change), please confirm the minimal actions on my side and whether that fully resolves the challenge problem. If so, I will change NS at REG.RU to the exact Vercel NS you intend and re-run tests.
If none of the above possible, recommended workaround
If Vercel cannot support proxying from an external VPS in the desired way, please point me to the recommended, supported architecture to ensure availability in Russia (e.g., host static assets via CDN that is reachable in Russia + keep dynamic site on Vercel, or recommended third-party CDN that integrates with Vercel and is reachable in Russia).
Attach logs / outputs (pasteable)
curl -I https://theame.ru → returns HTTP/2 403 + x-vercel-challenge-token: …
Certbot success: Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/theame.ru/fullchain.pem
nginx test: nginx: configuration file /etc/nginx/nginx.conf test is successful
VPS IP: 94.103.84.28 (Moscow, VDSina)
Closing (personal note)
I’m exhausted after a week of attempts and would be extremely grateful for a short, concrete checklist or a tiny Vercel-side change (e.g., guidance or whitelisting) so I can restore full service. My business depends on this site and it has been down/unavailable in Russia — I really want to continue using Vercel because I can’t replicate all platform features elsewhere easily. I’m ready to run tests, provide full logs, or temporarily grant access if that helps.
Thank you for your time and help. I appreciate anything actionable you can provide.
Best regards,

I have already read all the messages related to such situations on your site, and I see that you most often advise contacting local regulators, but in my case, I will not be able to do so, as they will simply ignore me 99% of the time. But I have already written to them, and they are already ignoring me.