Web Interface (/cweb)
Built-in web panel with no external dependencies: /cweb creates a personal one-time link, in the browser the player manages homes, claims, jobs, teams, warps and economy. No login, no password; the player must stay online during the session.
Commands & permissions #
| Command | Syntax | Permission | Default | Description |
|---|---|---|---|---|
/cweb | /cweb | core. | true | Creates/renews the personal one-time link |
| Additional permissions | Default | Description |
|---|---|---|
core. / claims / jobs / teams / warps / economy | true | Shows the respective category |
core. | false | Bypass the link cooldown |
How it works #
The link is single-use and expires after link-expiry-seconds; a new /cweb ends the old session. Everything in the browser is display only: only on Apply does the server verify every change live against permissions, team ranks, balance and cooldowns and saves it only on success (multiple changes are checked individually, one failure does not discard the others). The session ends after session-timeout-minutes of inactivity or when the player leaves the server. The web server is protected against request floods with rate limiting.
Categories: homes (view/delete; setting only ingame), claims (view/abandon, needs CoreEngineClaim), jobs (levels, earnings, quests, top lists), teams (members, ranks, bank, containers and the team warps including team-only ones: rename, icon by item id, description, visibility toggle, delete; all by team rank, including team creation under the same rules as ingame), warps (manage the public list: rename, icon by item id like cobblestone, description, category, delete; creating and moving happens ingame on purpose because the position comes from the player), economy (balance, last 50 transactions, /pay).
Setup on public servers #
Locally /cweb works instantly on http://localhost:8196. Publicly, set the public-url once:
- Open
plugins/CoreEngine/modules/websession.and setyml public-urlto your IP/domain (withouthttp://). - Open port 8196 (TCP) in your firewall/host panel.
- Restart or
/ce reload; the log must show your address in[WebSession] /cweb links will use: http://....
For HTTPS: reverse proxy (nginx/Caddy) on 443, bind-address: "127., public-url: "https://panel., behind-proxy: true. If your host does not allow extra ports, set websession. so players do not get dead links.
Configuration (modules/websession.yml) #
# Enables or disables the web interface module.
enabled: true
websession:
# Web interface individually toggleable.
enabled: true
# Port of the embedded HTTP server.
port: 8196
# Bind address. 127.0.0.1 for reverse proxy setups.
bind-address: "0.0.0.0"
# Address in the links. IP/domain is enough (http:// and port are
# added), full URLs like https://... are used unchanged.
# Required on public servers, otherwise links point to localhost.
public-url: ""
# Trust X-Forwarded headers (ONLY behind a reverse proxy).
behind-proxy: false
# Seconds an unused link stays valid.
link-expiry-seconds: 300
# Cooldown for NEW links; a still-valid link is reused.
# Bypass: core.web.cooldown.bypass.
command-cooldown-seconds: 10
# Session ends after N minutes of browser inactivity.
session-timeout-minutes: 20
# Optional website link in the panel footer.
website-url: ""Troubleshooting #
| Problem | Cause | Fix |
|---|---|---|
Link shows localhost | public-url empty or in the wrong file | Set it in modules/websession. (not config.), reload, check the log |
| Link loads forever | Port not reachable | Open port 8196 (TCP) |
| "Web interface not available" | Module off or port taken | websession.; check the log for Could not start web server |
| "Link expired" | Older than 5 minutes or already used | Type /cweb again |
| Session ends suddenly | Player offline or inactivity | Connect and run /cweb again |
| Category missing | Permission missing or module disabled | Grant core., enable the module |
| "CSRF failure" | Cookie/browser problem | Clear cache, open a new link |
| Rate limit blocks | Too many requests/failures | Wait 10 minutes |
Complete example config #
enabled: true
websession:
enabled: true
port: 8196
bind-address: "127.0.0.1"
public-url: "https://panel.myserver.com"
behind-proxy: true
link-expiry-seconds: 180
command-cooldown-seconds: 30
session-timeout-minutes: 15
website-url: "https://myserver.com"