Skip to content

HTTPS

Jump to bottom
RedPolygon edited this page Sep 4, 2023 · 5 revisions

If you have a webpage served over HTTPS (i.e. using TLS), all resources it uses must be served over HTTPS as well. It is not easy for a plugin to support HTTPS and the data that gets sent is not sensitive, so you should use plain HTTP if you do not need TLS. There are a couple situations we can distinguish:

  • Without domain name: It is not possible to set up TLS in this situation, simply because the TLS certificate is tied to a hostname / domain.
  • With your own domain, with web hosting and access to the server configuration: Reverse proxy.
  • With your own domain and access to its DNS settings (also services like Wix, Squarespace): In-plugin HTTPS.

If you serve everything with the internal web server, there is nothing that requires HTTPS, so you may as well leave it plain HTTP.

Reverse proxy

If you have your own hosting (regardless of if you use it for WebStats), you can set up a reverse proxy. The following is an example Nginx configuration (thanks to @coco0305 for the example in this issue):

location /stats.json {
    proxy_pass http://ip:port/stats.json;
}

location /online.json {
    proxy_pass http://ip:port/online.json;
}

You need to configure the index.html so that it reads from this proxy, replace the host field with something like this:

const stats = new WebStats({
    // required:
    ...
    connection: new Connection({
        all: "yourdomain.com/path/to/reverseproxied/stats.json",
        online: "yourdomain.com/path/to/reverseproxied/online.json",
    }),
    // optional:
    ...
})

If you are using the internal web server of the plugin, you can place this index.html at plugins/WebStats/web/index.html (create the web/ folder if it does not already exist). Note that this file now does not get updated when you update the plugin, so you need to take care of that manually (index.html does not change every update, don't worry).

In-plugin HTTPS

Since version 1.9, it is possible for WebStats to serve its content over HTTPS. Be warned, though, that this method is still quite a hassle and requires maintenance at least twice a year; you should only use this when you have no other option. Make sure to read all steps before starting!

  1. Setting up a subdomain
    In your domain's DNS settings, add a subdomain with an A record pointing to your Minecraft server's IP.
  2. Getting a certificate
    You need to get a TLS certificate for the subdomain. One way to get one is from Let's Encrypt via certbot:
    1. TODO!

Web Stats banner

Clone this wiki locally