1. Install Controller

Setup AMP Controller

apt update && apt dist-upgrade -y
apt install curl -y
update-locale LANG=en_GB.UTF-8
reboot

bash <(curl -fsSL getamp.sh)

Enter your admin username and password

Select no to install docker as this is only the controller

Select no for the java installation as this is only the controller

Select no for SteamCMD as this is only the controller

As this server is behind a NAT and I will not forward port 80, I will not enable the auto configuration for Let’sEncrypt. I will run this server behind my reverse proxy.

Press enter to start the installation

Open your browser and visit http://ip:8080 and login with the user created during the setup

Enter your license key

Setup Let’s Encrypt

curl https://get.acme.sh | sh
mkdir -p /etc/letsencrypt/live/amp.xalnet.cc
export CF_Token="CloudflareToken"
export CF_Email="Email"
cd /root/.acme.sh
./acme.sh --issue --dns dns_cf -d "amp.xalnet.cc" --server letsencrypt \
--key-file /etc/letsencrypt/live/amp.xalnet.cc/privkey.pem \
--fullchain-file /etc/letsencrypt/live/amp.xalnet.cc/fullchain.pem

Setup NGINX reverse proxy

apt install nginx -y
rm /etc/nginx/sites-enabled/default
nano /etc/nginx/sites-available/amp.conf

server {
    listen 80;
    listen [::]:80;
    
    server_name amp.xalnet.cc;

    if ($host = amp.xalnet.cc) {
        return 301 https://$host$request_uri;
    }

    return 404;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name amp.xalnet.cc;

    # Replace the below as appropriate according to certificate locations and
    # whatever SSL settings you want. The below reflects a standard certbot
    # configuration
    ssl_certificate /etc/letsencrypt/live/amp.xalnet.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/amp.xalnet.cc/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;
    
    location / {
        proxy_pass http://localhost:8080;  # Or whatever local IP and port ADS is listening on
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "Upgrade";
        proxy_set_header        X-AMP-Scheme $scheme;
        proxy_read_timeout      86400s;
        proxy_send_timeout      86400s;
        proxy_http_version      1.1;
        proxy_redirect          off;
        proxy_buffering         off;
        client_max_body_size    10240M;

        # The following nine lines will only work if nginx and AMP are on the same host
        error_page 502 /NotRunning.html;
        location = /NotRunning.html {
            root /opt/cubecoders/amp/shared/WebRoot;
            internal;
        }

        location /shared/ {
            alias /opt/cubecoders/amp/shared/WebRoot/;
        }
    }
}

ln -s /etc/nginx/sites-available/amp.conf /etc/nginx/sites-enabled/amp.conf
systemctl restart nginx