wiki:Integrated Webserver

Version 20 (modified by Christian Illy, 4 years ago) ( diff )

Added note on SSL reverse proxying

Part of the Server fixes.

Meant to become an easy to use and everywhere accessible administration interface mostly for tasks like player management. (Currently in early development stage)

Current features

  • Viewing the map of the game as much as visited by players
  • View currently online / offline players' locations on the map
  • Look at the inventory (including belt and equipment) of a player
  • Show land claims on the map
  • Show a grid overlay on the map to easily see what region files are associated with a given area
  • Individual permission levels for each feature, login with Steam account

Access

The webserver will listen on the port defined as ControlPanelPort (from serverconfig) + 2. I.e. if you have set ControlPanelPort to 8080 (as it is by default) the webserver will listen on http://<yourIpOrDomain>:8082/

Is it running?

To check if the webserver was started look at the output_log.txt. It should contain a line like:

1.234 Started Webserver on 8082

If it does the server was started on the given port.

Permissions

Since WebAndMapRendering v7 this mod uses Steam login. This means that the permission level is calculated like this:

  1. Client has logged in with his Steam account
    1. Client does have an explicitly set permission level in the server's serveradmin.xml: Use the permission level from serveradmin.xml
    2. Client does not have an explicit permission level: permission level is 1000 (same as it would be in game)
  2. Client is not logged in
    1. A valid web token is passed to the request: Use permission level as set for that web token (see below)
    2. Otherwise permission level is 2000

The permission level is used to check to which features the client is allowed access. By default only permission level 0 has access to everything, every higher permission level does not have any access. This can be changed by assigning different permission levels to the web modules with the webpermission command. A list of available permission names can be viewed with webpermission list.

For example in order to give everyone access to the map but not any of the map features like player tracking set the permission level of the web.map module to 2000:

webpermission add web.map 2000

To allow those that have logged in with their Steam accounts access to the server time in addition to the basic map set the permission level of the webapi.getstats module to 1000:

webpermission add webapi.getstats 1000

Web Tokens

As tools like server managers obviously can not identify themselves with Steam login a token system has been added. That way those tools can provide a predefined token on each request to the webserver and those requests will be handled with the permission level given to that specific token. Web tokens are set up with the webtokens command. The tokens have to be passed to each request like this:

http://<server>:<port>/map/0/2/1.png?adminuser=<tokenuserpart>&admintoken=<tokenpasswordpart>

For example, if your server is running on your machine, port 8082 and you added a webtoken with name "admin" and password "supersecrettoken" a request would look like this:

http://localhost:8082/api/getstats?adminuser=admin&admintoken=supersecrettoken

apache and mod_proxy

If you already have a domain for your server and want a nice looking domain like 7dtd.example.com for your internal webserver instead of http://example.com:8082/ you can use apache and mod_proxy. We will use apache and ubuntu to provide an example but any other web server or os may be used in a similar way. We will use "example.com" as our domain, please replace it with your own domain or IP address.

Install apache2 (we assume you are logged in as root during this example) using either the official documentation or any other tutorial you find on the net. Basically just run

apt-get install apache2
a2enmod proxy
a2enmod proxy_http
service apache2 restart

create a new config

nano /etc/apache2/sites-availible/7dtd.example.com.conf

and paste the following into it (assuming the ControlPanelPort is 8080)

<VirtualHost *:80>
	ServerName 7dtd.example.com
	ServerAdmin webmaster@example.com

	ProxyPreserveHost On
	ProxyPass / http://localhost:8082/
	ProxyPassReverse / http://localhost:8082/	

	ErrorLog ${APACHE_LOG_DIR}/7dtd.example.com.error.log
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/7dtd.example.com.access.log combined
</VirtualHost>

When using an SSL enabled VirtualHost make sure to add the following directive to the VHost config so the mod knows it is being accessed through SSL:

	RequestHeader set X-Forwarded-Proto "https"

now active the new config and restart apache

a2ensite 7dtd.example.com.conf
service apache2 restart

You should now be able to visit 7dtd.example.com and see the map.

Please note that this is _not_ a secure way to hide the ControlPanelPort from your users! Port scanning is always an option!

Planned stuff

  • List of players (filter by online, banned, admin/mod, permission level ... anything else?)
    • Info: name, steamid, ip, playtime, last seen, online/offline, stats, last position ...
    • Kick/Ban, change permission level
    • show on map
    • show trail
    • show keystones as list and on map (with claimed area overlay)
    • Send PM
    • ... ?
  • List of command permissions
  • Chat log
  • Console log
  • ... ?
Note: See TracWiki for help on using the wiki.