Setup AMP with CloudFlare

  • Last Post 09 September 2021
TheNoNinja posted this 20 June 2021

I want to setup AMP with CloudFlare and found this post describing that I needed to setup the https connection after the setup to circumvent the origin check. But now then I try to reach AMP through CloudFlare it thinks I used to wrong URL so it will send me to the URL that I set up which in turn redirects it back. This will loop till I get the the error "redirected you too many times." and it stops trying.

Is there something I could do to prevent this from happening while still using CloudFlare? Thanks in advance!

Order By: Standard | Newest | Votes
maggi373 posted this 08 July 2021

hey, could you explain this better? i currently use amp trough Cloudflare and it works great! i will gladly help you

  • Liked by
  • TheNoNinja
maggi373 posted this 08 July 2021

took some time and found my internal doc i made doing this: it does not match your setup but can be used to find an answer

  • Liked by
  • TheNoNinja
TheNoNinja posted this 30 August 2021

I'm so sorry for the late reply.

Some time after this post I have been using AMP without cloud flare but now I have been looking into it again. The problem I am running into is when I run the standard AMP installation wizzard it asks you to provide a domain to create a certificate for. If you input an domain that is run through cloudflare protection it will not recognize that the domain links to the AMP server.

I have read through the github link but I find it hard to understand certain things. Are you still willing to help me out?

Many thanks!

maggi373 posted this 08 September 2021

i can help, didnt get an email notificaton for this.

TheNoNinja posted this 08 September 2021

I have been able to setup AMP with cloudflare with a remote proxy and all that works but I'm having trouble with the authenticated origin pulls certificate you have in the reverse proxy. How did you get that certificate?

Mike posted this 09 September 2021

If you're using Cloudflare to do HTTPS offloading then you don't configure the domain in AMP at all. AMPs built in HTTPS is only for the situation where the domains IP points directly to the server (which it tells you during installation) so that it can configure letsencrypt.

maggi373 posted this 09 September 2021

updated the gist, remember that origin pull is only used to block traffic that does not go trough cloudflare's proxy, since it only accept traffic from cloudflare. Remember when theres an secure LAN between reverse proxy and amp, you dont need to encrypt traffic between them. And for origin pull to work, only accept traffic trough the https port 443 and block port 80

And those who might stumble on this thread, cloudflare's origin certificates (not origin pull) dont work with amp and i have tried. Amp don't accecpt the certificate types cloudflare gives you. So options are only let's encrypt or reverse proxy to secure traffic between cloudflare and amp. Those who want help with this can contact me at terralization modpack discord server.

Edit: You cant use amp's built in let's encrypt if i remember right it wont allow to use dns to check the owner

maggi373 posted this 09 September 2021

The guide is for those who use cloudflare access to replace an traditional vpn but an secure cloudflare proxy has mostly the same setup