Configuration
config.yml
Full configuration reference with all available options:
# Enable debug logging
debug: false
# ============================================
# Authentication Settings
# ============================================
session-timeout: 30 # Minutes (0 = login every time)
max-login-attempts: 5 # Before kick
login-timeout: 60 # Seconds to authenticate (0 = unlimited)
min-password-length: 6
max-password-length: 32
require-strong-password: false # Uppercase + lowercase + number
max-accounts-per-ip: 3 # 0 = unlimited
# ============================================
# Player Restrictions (before login)
# ============================================
hide-unlogged-players: true # Invisible + blindness
block-movement: true # Position locked, head rotation OK
block-interactions: true # Chat, commands, blocks, inventory
hide-quit-if-not-logged: true # Hide quit message
allowed-commands: # Always includes /login, /register, /2fa
- "/help"
teleport-to-spawn: false
# ============================================
# Name Validation
# ============================================
name-validation:
enabled: true
pattern: "^[a-zA-Z0-9_]{3,16}$"
blocked-words:
- "admin"
- "moderator"
- "server"
# ============================================
# Premium Auto-Login
# ============================================
premium:
enabled: false
mode: "opt-in" # "strict" or "opt-in"
uuid-mode: "OFFLINE" # "OFFLINE" or "REAL"
# ============================================
# Security
# ============================================
notify-on-failed-login: true # xlogin.notify permission
ip-lock: false # Only allow login from last IP
security:
ip-ban-duration: 30 # Minutes
ip-rate-limit-max: 10 # Failed attempts before ban
ip-rate-limit-window: 10 # Minutes
# ============================================
# Messages Display
# ============================================
# Toggle chat messages on automatic authentication
# Only affects LOBBY/GAME servers (AUTH never shows messages)
messages:
session-resumed: true # "Session resumed" on reconnect
premium-auto-logged: true # "Authenticated automatically" for premium
login-success: true # "Successfully logged in" after /login
login-title:
enabled: true
login-title: "<gold><bold>Welcome back!"
login-subtitle: "<gray>Use <white>/login <password>"
register-title: "<gold><bold>Welcome!"
register-subtitle: "<gray>Use <white>/register <password> <password>"
login-bossbar:
enabled: true
text: "<red>Please authenticate - {time}s remaining"
color: RED
login-actionbar:
enabled: true
# ============================================
# Proxy (BungeeCord / Velocity)
# ============================================
proxy:
enabled: false
role: AUTH # AUTH, LOBBY, or GAME
redirect-server: "lobby"
auth-server: "auth"
redirect-delay: 20 # Ticks
kick-on-bypass: false
# ============================================
# Two-Factor Authentication
# ============================================
two-factor:
enabled: false
# ============================================
# Email Recovery
# ============================================
email-recovery:
enabled: false
smtp:
host: "smtp.gmail.com"
port: 587
username: ""
password: ""
from: "noreply@example.com"
tls: true
code-expiry: 10
cooldown: 5
# ============================================
# Bedrock
# ============================================
bedrock:
auto-login: true
# ============================================
# Update Checker
# ============================================
update:
check: true
notifications: true