
Setting up secure HTTP with AMP

Bryant edited this page Dec 18, 2019 · 36 revisions

There are a number of methods that can be used to set up secure HTTP (HTTPS) within AMP depending on your use case.

Note that with AMP Enterprise, use of HTTPS is mandatory.

Reverse proxy via nginx (Recommended, Linux only)

If you use the default GetAMP.sh setup script, this is handled for you automatically. If you need to do this after the fact, run the following as root:

ampinstmgr setupnginx my.domain.com 8080

Here, 8080 is the port that ADS is currently bound to. This will automatically configure nginx and run certbot to secure the domain.

Internal HTTPS implementation

AMP has built-in support for HTTPS with its internal application server. AMP requires a certificate in PFX format with a passphrase. You can use ampinstmgr convertcertificate to convert a standard .cert + .key file pair into a PFX on Linux systems.

The main advantage is that no additional software is required. However, it is not suitable for use with LetsEncrypt, as AMP has to be restarted to swap out the certificate.

Linux Manual Configuration

This method is optimal if your certificate is already in use with another webserver.

Open /home/amp/.ampdata/instances/ADS01/AMPConfig.conf while ADS is stopped and edit the following lines:

Webserver.CertificatePath=/path/to/your/certificate.pfx
Webserver.CertificatePassword=y0urc0mplexpa5$word

Once you have done that, all existing instances other than ADS01 will need their authentication server updated to https://yourdomain.com:8080/.

The first file we need to edit is located in /home/amp/.ampdata/instances/srcds01/AMPConfig.conf if you are on a Debian variant such as Ubuntu. Change srcds01 accordingly for each instance you need to modify.

Here's how it should look. Make sure to change domain.com to your vanity domain.

################################
# Login
################################
Login.UseAuthServer=True
# Login.AuthServerURL - The URL for the ADS instance providing authentication when using UseAuthServer
Login.AuthServerURL=https://domain.com:8080/
Login.LDAPAllowAuthOnAnyDomain=False
Login.LDAPAuthDomain=

Additionally, make sure to update the authentication server in each instance's ADSModule.kvp, using the same URL format as above. This file is located at /home/amp/.ampdata/instances/srcds01/ADSModule.kvp if you are on a Debian variant such as Ubuntu. Change srcds01 accordingly for each instance you need to modify.

Defaults.DefaultAuthServerURL=https://domain.com:8080/
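
The manual configuration above leaves the PFX passphrase in clear text in AMPConfig.conf and relies on every instance's auth server URL being switched to https://. The script below is an added example, not part of AMP or of the original wiki text, that checks both across an instances directory. The function names, the --demo flag and the expectation of mode 600 (AMP running as the file's owner) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not AMP's own tooling: audit the settings edited above.
# Prints one finding per line and returns 1 if any were found.
audit_amp_instances() {
    root=$1 found=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        for f in "$dir"AMPConfig.conf "$dir"ADSModule.kvp; do
            [ -f "$f" ] || continue
            # Non-empty auth server URLs must be https:// once ADS serves HTTPS.
            bad=$(grep -E '^(Login\.AuthServerURL|Defaults\.DefaultAuthServerURL)=.' "$f" \
                  | grep -v -E '^[^=]*=https://' || true)
            if [ -n "$bad" ]; then
                echo "INSECURE_URL $f: $bad"; found=1
            fi
            # The PFX passphrase sits in this file in clear text, so the file
            # should carry no group/other permission bits (assumed: mode 600).
            if grep -q '^Webserver\.CertificatePassword=.' "$f"; then
                perms=$(ls -ld "$f" | cut -c5-10)
                if [ "$perms" != "------" ]; then
                    echo "LOOSE_PERMS $f: group/other bits are $perms"; found=1
                fi
            fi
        done
    done
    return "$found"
}

# Constructed sample tree for a dry run: ADS01 holds a passphrase in a
# 0644 file, and srcds01 still points at an http:// auth server.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/ADS01" "$t/srcds01"
    printf 'Webserver.CertificatePassword=constructed-passphrase\n' \
        > "$t/ADS01/AMPConfig.conf"
    chmod 644 "$t/ADS01/AMPConfig.conf"
    printf 'Login.UseAuthServer=True\nLogin.AuthServerURL=http://domain.com:8080/\n' \
        > "$t/srcds01/AMPConfig.conf"
    printf 'Defaults.DefaultAuthServerURL=https://domain.com:8080/\n' \
        > "$t/srcds01/ADSModule.kvp"
    echo "$t"
}

# Usage: sh audit.sh /home/amp/.ampdata/instances   (or: sh audit.sh --demo)
case ${1:-} in
    --demo) audit_amp_instances "$(make_sample_tree)" ;;
    ?*)     audit_amp_instances "$1" ;;
esac
```

A non-zero exit status means at least one file needs attention, so the script can gate a restart of the instances after the certificate change.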

Windows

Install the certificate into the local machine store on your system, and then view the certificate to get its serial number. Once you've done this, edit the following line in your AMPConfig.conf file for ADS:

Webserver.CertificateSerial=CERTIFICATESERIALNUMBERGOESHERE
