Controller Panel Inaccessible Upon HTTPS Setup

Trademark · 22 February 2024 16:10

OS Name/Version: Ubuntu 22.04.4 (Linux webserver 5.15.0-94-generic #104-Ubuntu SMP)

Product Name/Version: AMP Instance Manager v2.4.8

Problem Description:

Background: Server currently has a Nginx-served website hosted on it utilizing all standard ports for web traffic (80, 443, etc.) Upon attempting to install AMP with HTTPS, it fails some steps and HTTPS is not enabled and the subdomain I gave resolves to my main site. I ran “getamp postSetupHTTPS” and recompleted the HTTPS setup. The subdomain now attempts to resolve to the proper location, but I receive a 404 error.

Output of instances.json

[
  {
    "ExtraContainerPackages": [],
    "CustomMountBinds": {},
    "IsSharedInstance": false,
    "IsDaemonUserManaged": false,
    "HasOverlayApplied": false,
    "OverlayURL": null,
    "Daemon": false,
    "DaemonAutostart": true,
    "DeploymentArgs": {
      "FileManagerPlugin.SFTP.SFTPIPBinding": "0.0.0.0",
      "FileManagerPlugin.SFTP.SFTPPortNumber": "2223",
      "Core.Monitoring.MonitorPorts": "[{\"Protocol\":0,\"Port\":2223,\"Name\":\"SFTP Port\">
      "Core.Webserver.UsingReverseProxy": "True",
      "ADSModule.Defaults.DefaultAuthServerURL": "https://ctrl.iprave.com",
      "Core.Login.AuthServerURL": "http://localhost:8081/",
      "Core.Login.UseAuthServer": "False",
      "Core.Security.EnablePassthruAuth": "True",
      "ADSModule.Network.DefaultIPBinding": "0.0.0.0"
    },
    "PendingSettingChanges": null,
    "Plugins": [
      "FileManagerPlugin",
      "EmailSenderPlugin",
      "WebRequestPlugin",
      "LocalFileBackupPlugin",
      "CommonCorePlugin"
    ],
    "FriendlyName": "ADS",
    "Description": null,
    "Group": null,
    "IsHTTPS": false,
    "AMPVersion": {
      "Major": 2,
      "Minor": 4,
      "Build": 8,
      "Revision": 0,
      "MajorRevision": 0,
      "MinorRevision": 0
    },
    "AMPBuild": "20240129.1",
    "PreviousVersion": null,
    "PreviousBuild": null,
    "InstanceID": "6628ff2e-1344-4180-9f6a-a70f450631ef",
    "TargetID": "00000000-0000-0000-0000-000000000000",
    "CreatedBy": "00000000-0000-0000-0000-000000000000",
    "InstanceName": "ADS01",
    "IP": "127.0.0.1",
    "Module": "ADS",
    "ModuleDisplayName": null,
    "OS": 0,
    "Path": "/home/amp/.ampdata/instances/ADS01",
    "DiskUsageMB": 0,
    "Port": 8081,
    "Suspended": false,
    "Tags": [],
    "Tag": null,
    "User": "amp",
    "TagsUsedForConfiguration": false,
    "MatchVersion": false,
    "ReleaseStream": 10,
    "ManagementMode": 0,
    "ExcludeFromFirewall": false,
    "AutomaticUPnP": false,
    "IsContainerInstance": false,
    "UseHostModeNetwork": false,
    "ContainerMemoryMB": 0,
    "ContainerMemoryPolicy": 0,
    "ContainerCPUs": 0.0,
    "SpecificDockerImage": null,
    "ForceDocker": false,
    "DockerBaseReadOnly": false,
    "OverlayPath": null,
    "CustomPorts": [],
    "DatastoreId": -1,
    "DisplayImageSource": null,
    "LastReactivationAttempt": null
  }
]

Output of UFW Status:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
587                        ALLOW       Anywhere
Anywhere                   DENY        218.92.0.61
Anywhere                   DENY        198.54.130.91
Anywhere                   DENY        198.54.135.84
Anywhere                   DENY        198.54.135.116
Anywhere                   DENY        198.54.135.52
Anywhere                   DENY        143.244.47.74
Anywhere                   DENY        45.134.142.228
Anywhere                   DENY        162.33.175.237
Anywhere                   DENY        3.78.225.68
Anywhere                   DENY        193.35.18.142
Anywhere                   DENY        3.120.238.174
Anywhere                   DENY        109.123.240.84
8081/tcp                   ALLOW       Anywhere                   # AMP Management Instance
2223/tcp                   ALLOW       Anywhere                   # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
Nginx Full                 ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere                   # AMP Reverse Proxy
80/tcp                     ALLOW       Anywhere                   # AMP Reverse Proxy
OpenSSH (v6)               ALLOW       Anywhere (v6)
587 (v6)                   ALLOW       Anywhere (v6)
8081/tcp (v6)              ALLOW       Anywhere (v6)              # AMP Management Instance
2223/tcp (v6)              ALLOW       Anywhere (v6)              # AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber
Nginx Full (v6)            ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)              # AMP Reverse Proxy
80/tcp (v6)                ALLOW       Anywhere (v6)              # AMP Reverse Proxy

Steps to reproduce:

Configure separate site using nginx and configure https with certbot
Install AMP without any game server options and with HTTPS
Try to access using the pre-defined subdomain.

Actions taken to resolve so far:

Uninstall and Reinstall with the same settings
Reviewed documentation: Secure HTTPS with AMP and applied Option 1

Mike · 22 February 2024 16:51

What’s the output of ampinstmgr status as the amp user?

Trademark · 22 February 2024 16:52

[Info] AMP Instance Manager v2.4.8 built 29/01/2024 18:40
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
Instance Name      │ Friendly Name    │ Module     │ IP              │ Port  │ Up
───────────────────┼──────────────────┼────────────┼─────────────────┼───────┼───
ADS01              │ ADS              │ ADS        │ 127.0.0.1       │ 8081  │ ✓

Mike · 22 February 2024 16:54

Show me your nginx config?

Trademark · 22 February 2024 16:57

Nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

Mike · 22 February 2024 17:10

No I meant the one that is for the domain for AMP.

Trademark · 22 February 2024 17:15

#Generated by CubeCoders AMP for ADS
server {
    server_name ctrl.iprave.com;

    client_max_body_size 100M;
    proxy_request_buffering off;
    proxy_buffering off;
    proxy_pass_request_body on;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $remote_addr;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection $http_connection;
        proxy_set_header        X-AMP-Scheme $scheme;
        proxy_read_timeout      86400s;
        proxy_send_timeout      86400s;
        proxy_http_version      1.1;
        proxy_redirect          off;
        proxy_buffering         off;
        client_max_body_size    10240M;
        error_page 502 503 504 /NotRunning.html;

        location = /NotRunning.html {
            if ($http_accept ~ json) {
                return 502 "{'Status': false, 'Reason':'This AMP instance is offline or in maintainence mode.','ErrorCode': 502, 'success': false, 'resultReason':'The authentication server is offline or in maintainence mode.'}";
            }
            root /opt/cubecoders/amp/shared/WebRoot;
            internal;
        }

        location /shared/ {
            alias /opt/cubecoders/amp/shared/WebRoot/;
        }
    }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ctrl.iprave.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ctrl.iprave.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = ctrl.iprave.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name ctrl.iprave.com;
    return 404; # managed by Certbot


}

Fixed by changing port from 8080 to 8081 (what the installation is actually using).

system · 23 March 2024 17:15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.