
This forum has been archived. No new posts can be made and no new users can sign up. It remains here for reference only.


NGINX Reverse Proxy with CloudFlare

  • Last Post 29 December 2021
MattyIce posted this 28 December 2021

Host Type: Local server

OS Name/Version: Ubuntu 20.04.3

Product Name/Version: AMP

Problem Description: I would like a description of how to set up an NGINX reverse proxy and webserver with Cloudflare. Why am I doing this? I would like to use a reverse proxy to hide my public IP as well as connect to my AMP instance. I've read this article, but I'm misunderstanding how this is being accomplished and if the said user's public IP is being hidden. If I'm missing information, it would be greatly appreciated to receive feedback.

webcraft posted this 28 December 2021

You can use literally every other description Google delivers to you because setting up nginx proxy with Cloudflare isn't part of AMP.

MattyIce posted this 28 December 2021

Yes, I'm aware that AMP isn't a part of NGINX. I was asking how I set up NGINX to work with AMP; I'm misunderstanding how this works together.

webcraft posted this 28 December 2021

There's no real working together, rather both standalone. You can compare nginx to a wifi repeater in this case. It acts just as a forwarder without further integration.
You have to set up nginx as a reverse proxy with the proxy_pass flag. If you use the getamp.sh installer, you can select to install nginx as a reverse proxy to be set up along with AMP automatically.

MattyIce posted this 28 December 2021

Understood, I see my issue. I'm aware of the NGINX within the AMP configuration; what I'm looking for is to hide my public IP by using Cloudflare's proxy settings. Maybe this requires me to have a greater understanding of what I'm looking for.

webcraft posted this 28 December 2021

You point your cloudflare endpoint to the IP of your AMP server. The cloudflare record is added to your domain (or you manage your domain through Cloudflare, then it's automatic). This way your clients connect to the cloudflare IP, which is forwarded to your nginx reverse proxy IP, which forwards to the internal IP of AMP. If you forward the remote address (guest IP in cloudflare), then you always get the IP of the client in the header additionally. Note that this setup is for AMP access, not for gameservers managed through AMP.

MattyIce posted this 28 December 2021

So if I'm thinking about this correctly I add an A record in my DNS settings with the proxy on, that points to my public IP, and then in AMP it will recognize it and hide my public IP when I ping my domain?

webcraft posted this 28 December 2021

I'm not sure if I understand correctly what you want to say. If you pointed the nameservers of your domain to cloudflare and use cloudflare's dns management, you can enable the proxy feature within cloudflare's panel and add your original IP right there. It'll be a cloudflare internal algorithm to hide your original IP. Nginx will accept the "internal" connection between cloudflare's proxy and your server. This connection comes from a cloudflare IP (because it's forwarded by cloudflare's proxy) but contains the client IP in the headers. Then your local nginx forwards this connection within your server to AMP.

MattyIce posted this 28 December 2021

Yup, that's exactly what I'm going to do. Just to clarify does this mean I need to set up Nginx separate from AMP instead of using their Wizard?

webcraft posted this 28 December 2021

No, for your nginx it doesn't matter whether the connection comes from a residential IP or cloudflare's IP.
You can also use cloudflare's proxy to handle the port mapping from 80 (default browser) to 8080 (port of AMP). According to their docs this is supported and works if you don't require SSL.

MattyIce posted this 28 December 2021

Got it, which is exactly what I'm trying to do: keep the SSL cert.

webcraft posted this 28 December 2021

The SSL termination takes place at Cloudflare if they forward your traffic. The connection between cloudflare and your server can remain unencrypted if you limit your server's accessibility to cloudflare's IPs.

MattyIce posted this 28 December 2021

I think I understand what you're saying, so blocking Cloudflare's IPs on the WAN side of my router, so specifically to port 80?

webcraft posted this 28 December 2021

*blocking everything except cloudflare's IP

  • Liked by
  • MattyIce
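
The setup described in the replies above (Cloudflare proxy in front, nginx forwarding to AMP, origin reachable only from Cloudflare, visitor IP taken from the header) could look like the following in nginx. This is an added example, not from any poster or from AMP's own configuration; the hostname, the `127.0.0.1` upstream and the `$from_cloudflare` variable name are assumptions, and the three ranges shown are only an excerpt of the list Cloudflare publishes at https://www.cloudflare.com/ips/.

```nginx
# Added example. Place in the http{} context, e.g. a file under /etc/nginx/conf.d/.

# 1 = the TCP peer is a Cloudflare edge address, 0 = anything else.
# $realip_remote_addr still holds the original peer address after the realip
# module has rewritten $remote_addr; plain allow/deny would instead be checked
# against the rewritten (visitor) address and reject every proxied request.
geo $realip_remote_addr $from_cloudflare {
    default          0;
    173.245.48.0/20  1;   # excerpt: add every published Cloudflare range
    103.21.244.0/22  1;
    2400:cb00::/32   1;
}

server {
    listen 80;
    listen [::]:80;
    server_name amp.example.com;          # placeholder hostname

    # Accept CF-Connecting-IP only from the same ranges, so a direct caller
    # cannot spoof its address by sending the header itself.
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 2400:cb00::/32;
    real_ip_header   CF-Connecting-IP;

    # Refuse requests that reached the origin without passing through Cloudflare.
    if ($from_cloudflare = 0) {
        return 403;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;  # AMP on port 8080 as stated in the thread
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;   # visitor address after realip
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The same allow-list belongs on the router or host firewall as well, since nginx only sees connections that already reached the server.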
MattyIce posted this 28 December 2021

What could be causing a "Bad domain configuration" specifically when it says "The specified domain (my domain) resolves to '1xx.xx.xxx.xxx' but your external IP is 'xx.xxx.xxx.xxx'"?

Mike posted this 29 December 2021

You shouldn't use Cloudflare with AMP. It causes problems. Just let AMP do its own automatic HTTPS and point the domain to the server.

MattyIce posted this 29 December 2021

I don't disagree it causes issues, but how are you going to mask the user's public IP?

Mike posted this 29 December 2021

You don't, there's no reason to do this. Cloudflare can't mask the actual game servers, only web traffic so in real terms you're not getting any additional protection.

  • Liked by
  • enixlin
MattyIce posted this 29 December 2021

Yes, I'm aware you can't mask the game servers; I would like the webserver to be masked. So to start from the beginning, all I would like to do is to mask the web server itself, not the game servers.
