Hytale WebServer Plugin

Byadmin_Mr

The ecosystem of a modern Hytale server is no longer limited to the game itself. To offer advanced features such as live maps, shops, statistics pages, or remote administration tools, your server needs to be able to communicate with the web. This is where the  Hytale WebServer Plugin comes in .

Rather than letting each mod open its own port and manage its connections chaotically, this plugin acts as a centralized foundation. It standardizes how your Hytale server exposes data via HTTP, greatly simplifying the lives of system administrators and optimizing performance.

Installation and first boot

The installation of this plugin is designed to be seamless. Simply place the file  in  your Hytale server’s .jarfolder  .mods/

You can find the JAR here: https://github.com/nitrado/hytale-plugin-webserver/releases/

On first launch, the web server will initialize automatically. By default, it listens on your game server’s port  + 3. For example, if your Hytale server is running on port  5520 , the web server will be accessible on port  5523 .

If you need to modify this behavior, especially if you host multiple servers on the same machine, you can create or edit the configuration file located here:
mods/Nitrado_WebServer/config.json

Here’s how to change the listening address and port:

{
  "BindHost": "0.0.0.0",
  "BindPort": 8080
}

Advanced TLS security management

This is the core configuration of this plugin. Exposing a web service without encryption is a risky practice today. The Hytale WebServer plugin natively integrates support for  Transport Layer Security (TLS) , allowing you to switch from HTTP to secure HTTPS.

By default, the plugin is secure. If you don’t change anything, it will automatically generate a  self-signed certificate . This is functional for testing, but your players’ web browsers will display a security warning because the certificate authority is not recognized.

Tls For a professional setup, you have three main options to define in your  section  config.json.

Use your own certificates (PEM)

If you have already purchased a domain name and generated SSL certificates from a recognized authority, you can provide them directly to the plugin. This is the recommended method for established servers that already have a web infrastructure.

You will need the path to your public certificate and your private key:

{
  "Tls": {
    "CertificateProvider": "pem",
    "Pem": {
      "CertificatePath": "/chemin/vers/votre/certificat.pem",
      "PrivateKeyPath": "/chemin/vers/votre/cle-privee.pem"
    }
  }
}

Automation with Let’s Encrypt

The plugin includes support for the ACME protocol, allowing you to obtain free and automatic certificates via Let’s Encrypt. For this to work, your server must be publicly accessible on port 80/443 or the configured port, and your domain must point to the server’s IP address.

Important:  During your initial testing, leave the value  Production as is  false. Let’s Encrypt applies strict rate limits in the production environment. Switch to this setting  true only once your configuration is validated.

{
  "Tls": {
    "CertificateProvider": "letsencrypt",
    "LetsEncrypt": {
      "Domain": "mon-serveur-hytale.com",
      "Production": false
    }
  }
}

Disable TLS (Insecure Mode)

In some very specific cases, for example if your Hytale server is behind a Reverse Proxy like Nginx or Apache which already handles SSL, you may want to disable encryption at the plugin level to avoid double handling.

However, only do this if you know exactly what you are doing and the server is not directly exposed to the internet.

{
  "Tls": {
    "Insecure": true
  }
}

Authentication and service accounts

The plugin doesn’t just serve pages; it also secures data access. It integrates directly with Hytale’s permissions system. This means you can restrict access to certain web pages based on the player’s in-game rank.

The anonymous user

For public pages (such as a list of connected players visible to everyone), the plugin uses an “Anonymous” user concept. It has a specific UUID (composed of zeros) and belongs to the group  ANONYMOUS.

If you wish to make certain data accessible without a password, you must grant the necessary permissions to the group  ANONYMOUS in your  permissions.json main Hytale server file.

Service Accounts

For external tools, such as a Discord bot that queries the server to display the status, using a player account is not recommended. The plugin allows the creation of “Service Accounts”.

These accounts are defined via JSON files in the folder  mods/Nitrado_WebServer/provisioning/. They allow scripts to authenticate via a standard “Basic Auth” method to make secure requests to your server.

Why this plugin is essential

Beyond the technical configuration, using this unified web server is a matter of performance and stability. If you install a statistics plugin (like  Query ) or a performance monitoring plugin (like  Prometheus ), they will depend on this core web server.

This avoids opening 10 different ports on your firewall for 10 different mods. You centralize HTTP/HTTPS traffic, you centralize SSL certificate management, and you offer a standardized and secure interface for your entire Hytale project’s web ecosystem.

Leave a Reply

Your email address will not be published. Required fields are marked *