Webfront - RaidMax/IW4M-Admin GitHub Wiki
Webfront Configuration
The IW4MAdmin webfront provides a modern web interface for managing your game servers, viewing player statistics, administering penalties, and more.
Enabling the Webfront
Add the following to your IW4MAdminSettings.json:
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://0.0.0.0:1624"
}
}
Once enabled, access the webfront at http://your-server-ip:1624.
Configuration Reference
All webfront options are configured under the Webfront section:
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://0.0.0.0:1624",
"ManualUrl": "https://example.com:1624",
"CustomBranding": "My Server Network",
"PrimaryColor": "#117ac0",
"SecondaryColor": "pink",
"ThemePreset": "minimal",
"PreventUserCustomization": false,
"EnableConnectionWhitelist": false,
"ConnectionWhitelist": [],
"UseSsl": false,
"SslCertificatePath": null,
"SslCertificatePassword": null
}
}
General Settings
| Property | Type | Default | Description |
|---|---|---|---|
Enabled |
bool | false |
Enable or disable the webfront |
BindUrl |
string | http://0.0.0.0:1624 |
Address and port to listen on. Use 0.0.0.0 for all interfaces |
ManualUrl |
string | — | Override the public URL (useful behind a reverse proxy) |
CustomBranding |
string | — | Custom text shown in the header instead of "IW4MAdmin" |
Theming
| Property | Type | Default | Description |
|---|---|---|---|
PrimaryColor |
string | #117ac0 |
Primary accent color (hex code) |
SecondaryColor |
string | pink |
Secondary accent color |
ThemePreset |
string | minimal |
Theme preset name |
PreventUserCustomization |
bool | false |
Prevent users from customizing their theme |
Access Control
| Property | Type | Default | Description |
|---|---|---|---|
EnableConnectionWhitelist |
bool | false |
Restrict access to specific IP addresses |
ConnectionWhitelist |
string[] | [] |
Array of allowed IP addresses/ranges |
SSL/HTTPS
| Property | Type | Default | Description |
|---|---|---|---|
UseSsl |
bool | false |
Enable HTTPS (serves over HTTPS only when enabled) |
SslCertificatePath |
string | — | Full path to the .pfx certificate file |
SslCertificatePassword |
string | — | Password for the certificate (if required) |
Examples
Basic Setup
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://0.0.0.0:1624"
}
}
Custom Branding and Colors
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://0.0.0.0:1624",
"CustomBranding": "Awesome Gaming Network",
"PrimaryColor": "#e74c3c",
"SecondaryColor": "#3498db"
}
}
Restricted Access (Whitelist)
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://0.0.0.0:1624",
"EnableConnectionWhitelist": true,
"ConnectionWhitelist": [
"192.168.1.0/24",
"10.0.0.5"
]
}
}
Behind a Reverse Proxy
When running behind a reverse proxy (nginx, Caddy, etc.):
{
"Webfront": {
"Enabled": true,
"BindUrl": "http://127.0.0.1:1624",
"ManualUrl": "https://iw4m.example.com"
}
}
SSL/HTTPS Setup
Configuration
{
"Webfront": {
"Enabled": true,
"BindUrl": "https://0.0.0.0:1624",
"UseSsl": true,
"SslCertificatePath": "C:/path/to/certificate.pfx",
"SslCertificatePassword": "your-password"
}
}
Obtaining a Certificate
Self-Signed (Development/Testing)
Create a self-signed certificate using PowerShell:
$cert = New-SelfSignedCertificate -DnsName "localhost","yourdomain.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)
$password = ConvertTo-SecureString -String "YourPassword" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:\path\to\certificate.pfx" -Password $password
⚠️ Self-signed certificates show browser warnings. Use only for testing.
Let's Encrypt (Free, Production)
- Obtain a certificate using Certbot or win-acme
- Convert to PFX format:
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem
Commercial Certificate
Purchase from a Certificate Authority and export as .pfx.
SSL Troubleshooting
| Error | Solution |
|---|---|
| "The specified network password is not correct" | Verify SslCertificatePassword |
| "Cannot find the specified file" | Use an absolute path for SslCertificatePath |
| Browser shows "Connection not secure" | Use a trusted CA certificate (self-signed certs always warn) |
Permission Sets
Fine-grained access control is managed via PermissionSets. Each permission level inherits from lower levels:
{
"Webfront": {
"PermissionSets": {
"User": ["HelpPage.Read", "ProfilePage.Read", "Interaction.Read"],
"Trusted": ["HelpPage.Read", "ProfilePage.Read", "Penalty.Read", "..."],
"Moderator": ["..."],
"Administrator": ["..."],
"SeniorAdmin": ["*"],
"Owner": ["*"]
}
}
}
Use "*" to grant all permissions. See the default configuration for a complete list of available permissions.