AMP SSL requirements to Set Game Admin password

  • Topic Is Solved
ITCub posted this 4 weeks ago

Hi,

Bit of both a suggestion and Support to overcome.

During the Linux install of AMP - Module SSL, if it detects an error during SSL install it will go on the fritz and leave a half arsed config in a mess! When I go and fix this up manually it crashes AMP's proxy web server.

So!

Suggesting to remove the forced requirement of SSL to set a server Admin password on ARKse. At least add an option where Linux administrators can override this function and disable it on the Linux file system directly to accept the conditions or something. Nothing worse than forced requirements that are not necessary, and when you pay for the licenses, you should have the option to have SSL or not, and not be forced at reduced functionality of a product you pay for.

When starting the ARKse game server the AMP system re-generates the password on every restart/start, this is absolutely not necessary in my opinion, especially when I set the password in the back end AMP shouldn't override this if it sees I have changed the password from last start/restart.

Mike posted this 4 weeks ago

AMP just produces a normal nginx config, you can simply remove it - but you should find out what's wrong and fix it. HTTPS should not be considered optional if you have a domain that you can use - otherwise every password, every line of console input or output is sent unencrypted as clear text.

HTTPS is required because you don't get clipboard access in the browser without it. That's not an AMP restriction, that's a browser restriction.

AMP uses the RCON to provide the console so AMP needs control over it. RCON is an insecure protocol with no encryption, so AMP uses rolling passwords to help tighten things up a bit. As a rule AMP tries to do things in the most secure way possible.

Check out the letsencrypt logs or the getamp logs and find out why the HTTPS setup failed instead of trying to circumvent AMP's security precautions.
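
An added example, not part of Mike's post and not AMP's own code, showing why an unencrypted RCON login benefits from a password that changes on every start. It assumes ARK's RCON uses the Source RCON framing (the thread does not say so); all function names are hypothetical.

```python
import secrets
import struct

SERVERDATA_AUTH = 3  # Source RCON packet type for the login request


def rolling_password(nbytes: int = 24) -> str:
    """Fresh random password, as would be generated on every server start."""
    return secrets.token_urlsafe(nbytes)


def encode_packet(req_id: int, ptype: int, body: str) -> bytes:
    """Frame: int32 size, int32 id, int32 type, body + NUL, empty string + NUL."""
    payload = struct.pack("<ii", req_id, ptype) + body.encode("ascii") + b"\x00\x00"
    return struct.pack("<i", len(payload)) + payload


def decode_packet(data: bytes):
    """Parse one frame, rejecting truncated or malformed input."""
    if len(data) < 4:
        raise ValueError("truncated length field")
    (size,) = struct.unpack_from("<i", data, 0)
    if size < 10 or len(data) < 4 + size:
        raise ValueError("truncated or malformed packet")
    if data[4 + size - 2:4 + size] != b"\x00\x00":
        raise ValueError("missing terminators")
    req_id, ptype = struct.unpack_from("<ii", data, 4)
    return req_id, ptype, data[12:4 + size - 2].decode("ascii")


def auth_exposes_password(password: str) -> bool:
    """True when the password bytes sit verbatim in the login frame."""
    return password.encode("ascii") in encode_packet(1, SERVERDATA_AUTH, password)


if __name__ == "__main__":
    # Constructed sample: two server starts, two unrelated passwords.
    first, second = rolling_password(), rolling_password()
    print("login frame carries password in clear:", auth_exposes_password(first))
    print("password changed after restart:", first != second)
    print("decoded login frame:", decode_packet(encode_packet(1, SERVERDATA_AUTH, first))[:2])
```

Because the login frame has no encryption layer, a static password stays valid for as long as it is configured, while a per-start password bounds how long any one observed value is useful.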

ITCub posted this 4 weeks ago

Hi Mike,

First of all thanks for replying promptly.

Let me take you on a ride on my use case, and why options to disable/override are valid.

I host 30 game servers, running across 20 VMs with an internal range of 192.168.0.0/23 which is all protected and filtered by my Mikrotik HA firewalls which handle all port natting to all my game servers. I have 3 public IPs assigned to 30 game servers, soon to be expanded to 50, and I use different control panels and console scripts for managing them. I found AMP offers a clustered solution which I have been testing and fell in love with, which I can use to manage all of them from a single interface, but it lacks my use case and doesn't support today's lack of IPv4 space requirements set by APNIC.

You may be aware of the limited IPv4 space available, and using IPv4 addresses for SSL CEO on websites, for each game server, etc. is no valid reason these days and will come at a risk of losing the IPs assigned instantly if the ISP/provider in question gets audited.

These are an interesting read: www.apnic.net/manage-ip/ipv4-exhaustion/

Conditions for using IPv4 www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/ipv4-guidelines/

Sometimes a public IP and DNS is not always the way to go about it, especially when you don't have IPv6 available yet and it's not widely supported by ISPs fully who are still catching up on today's networking standards.

So, I suggest considering the above use case in my case, add overrides to autogenerating things I can manually edit myself.

The Generate password/Set password for the game admin is an AMP function and not a browser function, and adding an option to disable autogenerated passwords on start would be a huge step towards use cases like mine and others.

Because mgbb . com can't be used

maggi373 posted this 2 weeks ago

You don't need public IPv4 addresses to use HTTPS in a local network, add some host overrides in the DNS resolver. I have done it with my servers and it works fine. Note: I don't use AMP's built-in certbot, I use a certbot that supports DNS entries. And if the traffic is public, there is no excuse not to use HTTPS, so I agree with Mike. A lot of people are lazy and don't know so much as you do and therefore forcing them to be secure is the only way almost. But I don't host ARKse so I might be wrong here.
