Home / Docs / NexoraSMP / Web dashboard

Web dashboard

A futuristic web control panel served directly from the plugin. No companion service, no external dependencies. 10 pages, live updates, built-in YAML editor.

Setup

The dashboard is enabled by default. To customise:

config.yml
modules:
  web-dashboard:
    enabled: true
    port: 8765
    bind-address: "0.0.0.0"   # 127.0.0.1 for local-only
    chat-buffer-lines: 500
    console-buffer-lines: 1000
    tls:
      enabled: false
      keystore: ""
      password: ""

Logging in

On first start, NexoraSMP prints a one-time login token to console:

[NexoraSMP] Login token: vR4P9-XnE2-7yJk-4mTq

Open http://<server-ip>:8765, paste the token, and you're in. Sessions last 24 hours by default.

Tip

Lost the token? Run /nexora dashboard token in console to mint a new one.

Pages

Overview

Live TPS, memory, uptime, online players, loaded chunks, total entities. Per-world breakdown, lag spike detector, recent notifications panel.

Players

Online player list with ping, location, gamemode, health, food, XP. Click a player for an action menu: kick, ban, teleport, give item, change gamemode, inventory viewer.

Live map

Top-down player position view per world. Updates in real time. Useful for spotting raid groups or finding lost players.

Console

Live tail of the server console with colour preserved. Type any command at the bottom and it executes as console (not as a player). Audit-logged.

Chat

Live feed of chat, joins, quits, and deaths. Filter by type. Send messages as console / staff. Useful for monitoring without being in-game.

Moderation

Three tabs:

  • Punishments: issue, expire, or delete warns, mutes, kicks, and bans
  • Tickets: claim, close, and comment on player tickets and reports
  • Whitelist: add or remove players, toggle whitelist mode

Modules

Enable / disable any module at runtime. Toggling here is equivalent to editing config.yml + /nexora reload, but takes effect instantly without console access.

Insights

Four analytics tabs:

  • Leaderboards: playtime, kills, deaths, blocks broken
  • Death log: recent deaths with cause, killer, and location
  • Heatmap: 7-day × 24-hour player activity grid
  • Audit log: every staff action with actor, target, and timestamp

Configs

In-browser YAML editor. Lists every editable file (grouped by folder), provides syntax-friendly editing, and auto-backs up to config-backups/ on every save. One-click restore from any backup.

Settings

Four tabs:

  • Webhooks: Discord webhook URLs for alerts (chat, joins, punishments)
  • MOTD designer: visual editor for the server list MOTD
  • Restart scheduler: schedule recurring server restarts with player warnings
  • Resource pack: set the optional or required resource pack URL

Security

Before going live

Before exposing the dashboard publicly:

  • Enable TLS in config.yml (or reverse-proxy via nginx with Let's Encrypt)
  • Bind to 127.0.0.1 if only used over SSH tunnel or local network
  • Restrict the firewall port to known IPs if possible
  • Rotate the token regularly via /nexora dashboard token

How auth works

The plugin generates a base token on first start, hashed with SHA-256 and stored in the database. Logins exchange the token for a session cookie with a sliding 24-hour TTL. All requests after login validate the session and extend its expiry. Logout revokes the session immediately.

API endpoints

The dashboard talks to the plugin over a JSON HTTP API at /api/*. Every endpoint requires the Authorization: Bearer <session> header (except /api/login).

Selected endpoints:

MethodEndpointDescription
GET/api/server/statsTPS, memory, world stats
GET/api/playersOnline player list
POST/api/console/runExecute a console command
GET/api/configsList editable config files
POST/api/punishments/issueIssue a punishment
POST/api/modules/toggleEnable / disable a module
Note

The full API reference is on our roadmap. Drop into our Discord if you need an endpoint documented sooner for an integration.

← Previous Modules