{{#if not-authenticated}}
{{#if login-error}} {{/if}}

Set in plugins/FluxBans/web.ymlweb.admin.token

{{/if}} {{#if authenticated}}

Admin Panel

Logged in as {{admin-user}}

Pending Appeals
{{pending-count}}
Active Bans
{{active-ban-count}}
Active Mutes
{{active-mute-count}}
Total Appeals
{{total-appeal-count}}
{{#if no-pending}}
🎉
No pending appeals
All caught up!
{{/if}} {{#if has-pending}}
{{#list pending-appeals}} {{/list}}
Player Type Punishment ID Reason Submitted Actions
{{player}}
{{type}} #{{punishment-id}}
{{reason}}
Full appeal → 		{{created-at}}
{{/if}}
{{#if no-all-appeals}}
📋
No appeals yet
Appeals appear here once players start submitting them.
{{/if}} {{#if has-all-appeals}}
{{#list all-appeals}} {{/list}}
Player Type Punishment Status Submitted Handled By Link
{{player}}
{{type}} #{{punishment-id}} {{status}} {{created-at}} {{handled-at}} {{handled-by}} View
{{#if appeals-has-pages}} {{/if}} {{/if}}
{{#if no-bans}}
🎉
No active bans
The server is ban-free!
{{/if}} {{#if has-bans}}
{{#list admin-bans}} {{/list}}
Player Reason Banned By Expires Date ID Action
{{player}}
{{reason}} {{operator}} {{expires}} {{date}}
{{#if bans-has-pages}} {{/if}} {{/if}}
{{#if no-mutes}}
🔊
No active mutes
All players are free to speak!
{{/if}} {{#if has-mutes}}
{{#list admin-mutes}} {{/list}}
Player Reason Muted By Expires Date ID Action
{{player}}
{{reason}} {{operator}} {{expires}} {{date}}
{{#if mutes-has-pages}} {{/if}} {{/if}}

Current Server Configuration

bind {{web-bind}}:{{web-port}} base-url {{web-base-url}} ssl {{#if ssl-enabled}} ● Enabled on port {{ssl-port}} {{/if}} {{#if ssl-disabled}} ● Disabled {{/if}}

Edit plugins/FluxBans/web.yml on your server and run /fluxbans reload (or restart) to apply changes.

Setting Up a Custom Domain with SSL

Option A — Caddy Reverse Proxy ★ Recommended

Caddy automatically obtains and renews a free Let's Encrypt certificate for your domain. No manual certificate management required.

1
Restrict FluxBans to localhost. In web.yml, set: 
web:
  bind: "127.0.0.1"   # localhost only — Caddy will forward traffic
  port: 8080
2
Point your domain's DNS A record to your server IP. Wait for DNS to propagate (usually a few minutes).
3
Install Caddy on your server: 
# Ubuntu / Debian
apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update && apt install caddy
4
Create /etc/caddy/Caddyfile: 
bans.yourserver.com {
    reverse_proxy 127.0.0.1:8080
}
Replace bans.yourserver.com with your actual domain.
5
Start Caddy — it automatically gets the certificate: 
systemctl enable --now caddy
# Verify:
curl -I https://bans.yourserver.com
6
Update web.yml so links in kick messages are correct: 
web:
  base-url: "https://bans.yourserver.com"
Then run /fluxbans reload.

Option B — nginx + Certbot Alternative

1
Set web.bind: "127.0.0.1" in web.yml (same as Caddy step 1).
2
Install nginx and Certbot: 
apt install -y nginx certbot python3-certbot-nginx
3
Create /etc/nginx/sites-available/fluxbans: 
server {
    listen 80;
    server_name bans.yourserver.com;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
4
Enable the site and get a certificate: 
ln -s /etc/nginx/sites-available/fluxbans /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
certbot --nginx -d bans.yourserver.com
5
Update web.base-url to https://bans.yourserver.com and reload.

Option C — Built-in SSL (Java Keystore) Advanced

FluxBans can serve HTTPS directly without a reverse proxy. You need a PKCS12 keystore — either self-signed or from a CA.

1
Self-signed certificate (for testing only — browsers will show a warning): 
# Run this in your server's plugins/FluxBans/ folder
keytool -genkeypair \
  -alias fluxbans \
  -keyalg RSA -keysize 2048 \
  -storetype PKCS12 \
  -keystore ssl/keystore.p12 \
  -validity 365 \
  -dname "CN=your-server-ip, OU=FluxBans, O=MyServer, L=Unknown, ST=Unknown, C=US"
2
Real certificate via Certbot — export to PKCS12 after obtaining: 
# Get cert (webroot method — ensure port 80 is open and FluxBans is NOT on it)
certbot certonly --standalone -d bans.yourserver.com

# Export to PKCS12
openssl pkcs12 -export \
  -in  /etc/letsencrypt/live/bans.yourserver.com/fullchain.pem \
  -inkey /etc/letsencrypt/live/bans.yourserver.com/privkey.pem \
  -out plugins/FluxBans/ssl/keystore.p12 \
  -name fluxbans \
  -passout pass:changeme
3
Enable SSL in web.yml: 
web:
  bind: "0.0.0.0"
  ssl:
    enabled: true
    keystore-path: "ssl/keystore.p12"   # relative to plugins/FluxBans/
    keystore-password: "changeme"
    port: 8443
  base-url: "https://bans.yourserver.com:8443"
4
Restart the server. FluxBans will start on HTTPS port 8443. Open port 8443 in your firewall if needed.
Let's Encrypt certificates expire every 90 days. With built-in SSL you must manually renew and re-export the PKCS12 keystore. Caddy or nginx handle renewal automatically — prefer those for production.
Using Cloudflare? Proxy your domain through Cloudflare (orange cloud), set web.bind: "127.0.0.1", and Cloudflare will handle HTTPS automatically — no certificate required on the server. Set SSL/TLS mode to Full in the Cloudflare dashboard.
{{/if}}