Cannot open first run in browser when asked to during install

Vanish · July 3, 2025, 11:35pm

OS Name/Version: Ubunut 24.04LTS

Product Name/Version: AMP 2.6.2

Problem Description: When running the installer it successfully completes everything, but when it prompts to login to the instance to complete first-time setup, the server gives an empty response.

Log of installation:

Installing AMP...
Creating system user...
Updating System...
Installing prerequisites...
Docker already installed. Skipping...
Installing nginx and certbot...
Adding component(s) 'universe' to all repositories.
Hit:1 http://repo.mysql.com/apt/ubuntu noble InRelease
Hit:2 https://mirror.hetzner.com/ubuntu/packages noble InRelease
Hit:3 https://mirror.hetzner.com/ubuntu/packages noble-updates InRelease
Hit:4 https://mirror.hetzner.com/ubuntu/packages noble-backports InRelease
Hit:5 https://mirror.hetzner.com/ubuntu/security noble-security InRelease
Hit:6 https://download.docker.com/linux/ubuntu noble InRelease
Hit:7 https://packages.redis.io/deb noble InRelease
Hit:8 http://ppa.launchpad.net/ondrej/nginx/ubuntu noble InRelease
Hit:9 http://ppa.launchpad.net/ondrej/php/ubuntu noble InRelease
Hit:10 https://cdn-repo.c7rs.com debian/ InRelease
Reading package lists... Done
Hit:1 http://repo.mysql.com/apt/ubuntu noble InRelease
Hit:2 https://mirror.hetzner.com/ubuntu/packages noble InRelease
Hit:3 https://mirror.hetzner.com/ubuntu/packages noble-updates InRelease
Hit:4 https://mirror.hetzner.com/ubuntu/packages noble-backports InRelease
Hit:5 https://download.docker.com/linux/ubuntu noble InRelease
Hit:6 https://mirror.hetzner.com/ubuntu/security noble-security InRelease
Hit:7 https://packages.redis.io/deb noble InRelease
Hit:9 http://ppa.launchpad.net/ondrej/nginx/ubuntu noble InRelease
Hit:8 https://cdn-repo.c7rs.com debian/ InRelease
Hit:10 http://ppa.launchpad.net/ondrej/php/ubuntu noble InRelease
Reading package lists... Done
Adding CubeCoders DEB repository...
Installing instance manager...
 - Installing via package manager...
Adding firewall rules...
Adding firewall rule for port 443 (AMP Reverse Proxy) via ufw...
Rule added
Rule added (v6)
Adding firewall rule for port 80 (AMP Reverse Proxy) via ufw...
Rule added
Rule added (v6)
[Info/1] AMP Instance Manager v2.6.2 built 17/06/2025 09:12
[Info/1] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
Deploying certificate
Successfully deployed certificate for amp.vanishsvault.com to /etc/nginx/sites-enabled/no-default
Congratulations! You have successfully enabled HTTPS on https://amp.{domain}.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2025/07/03 17:34:06 [notice] 13521#13521: signal process started
[Info/1] Done!
Creating default instance...
[Info/1] AMP Instance Manager v2.6.2 built 17/06/2025 09:12
[Info/1] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
Notice: --mirror is deprecated and no longer used.
[Activity/1] Audit: Unknown/None [CreateInstance] Creating instance ADS01 using ADS module on port 8080.
[Info/7] Downloading AMP from https://cdn-downloads.c7rs.com/AMP/Mainline/20250617.1/AMP_x86_64.zip...
[##################################################] ETA 00:00:00 @183.53 MiB/sec
[Info/13] Complete
[22:34:12] [Program Info/1]       : Starting AMP version 2.6.2.0 (Phobos), built 17/06/2025 09:10
[22:34:12] [Program Info/1]       : Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[22:34:12] [Core Info/1]          : Loading configuration from provisionargs.kvp...
[22:34:12] [Program Info/1]       : Running in a QEMU KVM environment.
[22:34:12] [Program Warning/1]    : Current time zone is set to Central Standard Time - It is recommended you switch to UTC+0 to avoid time-zone related issues
[22:34:12] [Program Info/1]       : OS: Linux / x86_64
[22:34:12] [Program Info/1]       : CPU: AMD EPYC-Milan Processor (4C/8T)
[22:34:12] [Program Info/1]       : RAM: 31335MB
[22:34:12] [Program Info/1]       : AMP Instance ID:{GUID}
[22:34:12] [Program Info/1]       : Performing first-time setup for this instance, please wait...
[22:34:13] [Core Info/1]          : Loaded ADSModule version 2.6.2 by CubeCoders Limited
[22:34:13] [Loader Info/1]        : Loaded FileManagerPlugin by CubeCoders Limited
[22:34:13] [Loader Info/1]        : Loaded EmailSenderPlugin by CubeCoders Limited
[22:34:13] [Loader Info/1]        : Loaded WebRequestPlugin by CubeCoders Limited
[22:34:13] [Loader Info/1]        : Loaded CommonCorePlugin by CubeCoders Limited
[22:34:13] [Loader Info/1]        : ADSModule requests dependency InstanceManagerPlugin...
[22:34:13] [Loader Info/1]        : Loaded InstanceManagerPlugin by CubeCoders Limited
[22:34:13] [Loader Info/1]        : ADSModule requests dependency SystemUserManagerPlugin...
[22:34:13] [Loader Info/1]        : Loaded SystemUserManagerPlugin by CubeCoders Limited
[22:34:13] [Program Info/1]       : AMP has completed its first time setup. Saving settings and shutting down.
[Info/7] Waiting for AMP instance to start...
[Notice/7] AMP instance ADS01 is now running.
[Info/7] Instance created successfully!
[Notice/7] ADS01 is already running.
[Info/7] ## Please browse to the instance to complete first-time setup. ##
[Info/7] Please visit https://amp.{domain}.com to continue setup.
[Info/7] Or optionally, scan the below QR code to set up from a mobile device.
[Warning/7] -- Careful! Don't press CTRL+C to copy, that will abort the setup. Use Ctrl+Insert instead. --
[Info/7] Waiting for user to complete first-time setup in browser...

Steps to reproduce:

Step 1 - bash <(wget -qO- getamp.sh)
Step 2 - Wait for installer to do it’s thing
Step 3 - Open https://amp.{domain}.com in a browser (any browser)
Step 4 - Feel deflated when the server returns:

This page isn’t working

**amp.{domain}.com** didn’t send any data.

ERR_EMPTY_RESPONSE

Actions taken to resolve so far:

Resintalled, several times.
Performed nginx -t and it was successful
Moved the nginx config data from no-default config to amp.{domain}.com config
Symlinked amp.{domain}.com config from /etc/nginx/sites-available to /etc/nginx/sites-enabled
Performed nginx -t and it was successful
Switched to the AMP user and issued ampinstmgr lastlog ADS01:

[23:19:51] [Program Info/1]       : Starting AMP version 2.6.2.0 (Phobos), built 17/06/2025 09:10
[23:19:51] [Program Info/1]       : Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[23:19:51] [Program Info/1]       : Running in a QEMU KVM environment.
[23:19:51] [Program Warning/1]    : Current time zone is set to Central Standard Time - It is recommended you switch to UTC+0 to avoid time-zone related issues
[23:19:51] [Program Info/1]       : OS: Linux / x86_64
[23:19:51] [Program Info/1]       : CPU: AMD EPYC-Milan Processor (4C/8T)
[23:19:51] [Program Info/1]       : RAM: 31335MB
[23:19:51] [Program Info/1]       : AMP Instance ID: 05f87d15-6e69-4533-a2b3-5ea353b6a60e
[23:19:52] [Core Info/1]          : Loaded ADSModule version 2.6.2 by CubeCoders Limited
[23:19:52] [Loader Info/1]        : Loaded FileManagerPlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : Loaded EmailSenderPlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : Loaded WebRequestPlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : Loaded CommonCorePlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : ADSModule requests dependency InstanceManagerPlugin...
[23:19:52] [Loader Info/1]        : Loaded InstanceManagerPlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : ADSModule requests dependency SystemUserManagerPlugin...
[23:19:52] [Loader Info/1]        : Loaded SystemUserManagerPlugin by CubeCoders Limited
[23:19:52] [Loader Info/1]        : Loaded steamcmdplugin by CubeCoders Limited
[23:19:52] [ADS Info/1]           : Metrics server started OK on port 12820
[23:19:52] [Loader Info/1]        : ADS startup complete in 61ms
[23:19:52] [System Info/12]       : Updating remote source CubeCoders/AMPTemplates:main
[23:19:52] [System Info/12]       : Updating existing remote source https://github.com/CubeCoders/AMPTemplates.git...
No stash entries found.
[23:19:53] [Loader Notice/1]      : Using keypair with fingerprint i3JFM63IPNEAa581pwINDMy6DIrvGsZyUtomMobaxHE=
[23:19:53] [Loader Info/1]        : SFTP Server started on 0.0.0.0:2223
[23:19:53] [Core Info/1]          : Webserver started on http://0.0.0.0:8080
[23:19:53] [System Info/10]       : Checking for AMP updates...
[23:19:53] [System Info/10]       : AMP is up to date.

Greelan · July 3, 2025, 11:49pm

Is IPv6 enabled on your system?

Vanish · July 4, 2025, 12:08am

It is. Please tell me it isn’t that simple….

Greelan · July 4, 2025, 1:07am

If you edit the config that AMP created for your domain in /etc/nginx/conf.d/, change the proxy_pass line so that localhost is instead 127.0.0.1.

Then reload nginx (systemctl reload nginx).

Vanish · July 4, 2025, 2:10am

Sadly, nothing has worked. I removed all IPv6 entries in the nginx configs and firewall. No joy. I then looked in the conf.d file and it was proxy_pass was already set to 127.0.0.1.

In frustration I reprovisionmed the server, removed all IPv6 garbagfe from everywhere and ensured inet6 wasn’t running and would never restart, reinstalled AMP and I’m right back in the exact same boat.

Something I did notice though: when I installed AMP is STILL added IPv6 rules to the firewall. Makes me wonder if it tried adding it to the cert too.

Greelan · July 4, 2025, 2:24am

Does Hetzner have an external firewall? If so, have you allowed port 443/tcp?

Vanish · July 4, 2025, 2:38am

It does, but I have it disabled. I have other websites that use ssl and they work fine.

I’m still poking around. When I log into the server I’m still seeing an IPv6 address assigned to etho, even though running cat /proc/sys/net/ipv6/conf/all/disable_ipv6 returns 1 which means ipv6 is disabled.

I created an rc.local file that disables IPv6 on kernel load. It worked and I no longer see an IPv6 address added to eth0. Still can’t access AMP though.

Greelan · July 4, 2025, 2:50am

Don’t get too hung up on IPv6. That was just a sanity check to ensure nginx was reverse proxying on IPv4 only. You confirmed it was, so that goes away as a possible issue

Vanish · July 4, 2025, 2:52am

Ah. ok. Good to know. Hmm. UFW shows this:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere                   # AMP Reverse Proxy
80/tcp                     ALLOW       Anywhere                   # AMP Reverse Proxy
12820/udp                  ALLOW       Anywhere                   # AMP:ADS01:ADSModule.Network.MetricsServerPort
8080/tcp                   ALLOW       Anywhere                   # AMP:ADS01:Core.Webserver.Port

AMP shows this:

[Info/1] AMP Instance Manager v2.6.2 built 17/06/2025 09:12
[Info/1] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
Instance Name      │ Friendly Name    │ Module     │ IP              │ Port  │ Up
───────────────────┼──────────────────┼────────────┼─────────────────┼───────┼───
ADS01              │ ADS01            │ ADS        │ 0.0.0.0         │ 8080  │ ✓

Greelan · July 4, 2025, 2:54am

I can hit your site directly on http at port 8080 but not via https on 443. You said you’ve got other sites functioning, I assume with the same nginx installation. They may be interfering

Vanish · July 4, 2025, 2:57am

Yep, they’re all on the same nginx. Not sure I understand how they could interfere. They each have a separate config file.

Thanks for letting me know it is working on http. Makes me feel a little better at least. LOL.

Greelan · July 4, 2025, 3:02am

I’m assuming nginx.conf has the standard include directive for conf.d, so that the amp config is actually being picked up?

Vanish · July 4, 2025, 3:07am

Huh. Good catch. It actually did not have the directive. I added it but still no luck.

Greelan · July 4, 2025, 3:10am

And reload nginx?

Run nginx -t to check for conflicts?

Vanish · July 4, 2025, 3:19am

Ok, nginx -t was fine before I made the include directive for conf.d since adding that I get 2 errors that my domains already exists so it is skipping it.

Thanks for being patient with me. I haven’t done sysadmin in a few years now. Feeling very rusty.

2025/07/04 03:15:20 [warn] 2800#2800: conflicting server name "{sub}.{domain}.com" on 0.0.0.0:80, ignored
2025/07/04 03:15:20 [warn] 2800#2800: conflicting server name "{sub}.{domain}.com" on 0.0.0.0:80, ignored

Greelan · July 4, 2025, 3:22am

Remove the one you added to sites-enabled/sites-available

Vanish · July 4, 2025, 3:25am

I already did. I think it’s conflicting with the changes AMP made to no-default.

Greelan · July 4, 2025, 3:39am

Don’t know what you mean by that. All AMP does is add a config for the specific domain/subdomain you specify in conf.d.

You likely have a server block in another conf that covers the same subdomain, either explicitly or by wildcard, hence the conflict

Vanish · July 4, 2025, 3:41am

When I was installing AMP there were messages about updating the no-default config. Might have been during the certbot install. That’s where the conflict is.

If I remove that block from there and just go with the conf.d config it only set up port 80.

Greelan · July 4, 2025, 4:01am

I’ve not encountered that before.

Sounds like you may not have had a default server config enabled and so certbot tries to be “helpful” by creating one