-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration
Jan Kluka edited this page Jun 21, 2026
·
2 revisions
All settings live in plugins/EssDashboard/config.yml, created on first start. Edit it and restart the
server (or reload the plugin) to apply changes.
| Key | Default | Description |
|---|---|---|
port |
8095 |
TCP port the embedded web server listens on. Open/forward it to reach the panel remotely. |
host |
"" |
Public hostname/IP used only when printing the dashboard URL on startup. Blank prints <your-server-ip>. |
superuser.username |
admin |
The admin account auto-created on first start. |
superuser.password |
changeme |
Initial admin password. Change this before launch, or you'll be forced to change it on first login. |
jwt.secret |
"" |
Leave blank — a strong random secret is generated and saved here on first run. Keep it private. |
jwt.expiry-hours |
24 |
How long a login session stays valid, in hours. |
cors.allowed-origins |
"*" |
Allowed browser origins. * is fine for LAN/IP access. Lock to a domain for production, e.g. https://panel.myserver.com. |
demo.enabled |
false |
Enable an optional read-only demo account (great for screenshots/showcasing). |
demo.username |
demo |
Demo account username. |
demo.password |
demo |
Demo account password. |
console.allow-commands |
true |
Allow running server commands from the web console. Set false to make it read-only. |
console.blocked-commands |
[stop, restart, op, deop] |
Commands that may never run from the web console (matched on the first word, case-insensitive). Blocked attempts are still audited. |
notifications.webhook-url |
"" |
Discord webhook URL for staff/server action notifications. Blank disables them. |
notifications.events |
[BAN, UNBAN, KICK, MUTE, LOGIN_FAIL, SERVER_STOP] |
Which audited actions trigger a Discord notification. |
port: 8095
host: ""
superuser:
username: admin
password: changeme
jwt:
secret: ""
expiry-hours: 24
cors:
allowed-origins: "*"
demo:
enabled: false
username: demo
password: demo
console:
allow-commands: true
blocked-commands:
- stop
- restart
- op
- deop
notifications:
webhook-url: ""
events:
- BAN
- UNBAN
- KICK
- MUTE
- LOGIN_FAIL
- SERVER_STOPIf the panel is reachable from the internet:
- Change the admin password and enable 2FA.
-
Lock CORS — set
cors.allowed-originsto your exact panel domain, not*. -
Front it with HTTPS — run the dashboard behind a reverse proxy (nginx, Caddy, Traefik) that
terminates TLS and forwards to
127.0.0.1:8095. Do not expose plain HTTP publicly. -
Restrict the port — only expose
portto trusted networks where possible. -
Keep
jwt.secretprivate — it signs every session token. Treat the config like a password. -
Review
console.blocked-commandsand considerconsole.allow-commands: falsefor non-trusted staff.
See also: Troubleshooting & FAQ for reverse-proxy notes and lost-password recovery.
EssentialsX Dashboard v1.1.0 · GitHub · Web control panel for EssentialsX
Getting Started
Features
- Dashboard & Analytics
- Players
- Economy
- Bans, Mutes & Warnings
- Chat Moderation
- Kits & Warps
- Live Console
- Server Controls
- EssentialsX Modules
- Scheduler
- Broadcast & Mail
Administration
Reference