Search the Community

Hello, I was able to successfully configure windows IIS as a reverse proxy using URL re-write and AAR. I also enabled SSL offloading so I can put my Let's Encrypt cert in IIS and manage it through there as well as control the level of SSL Ciphers that IIS can use. Emby comes up perfectly and works.. Right up until you click play on a movie. The playback seems to take forever to load, it eventually does but then another issue comes up. The CPU on the server jumps to 99% and it never stops. From what I can tell of the logs it is doing a Remux of the file and then playing it which is causing the CPU to run hot. I was playing "The Fifth Element" as a test and when I viewed the stats for nerds it states that the "media bitrate exceeds limit" which I find odd as the movies overall bitrate is just 12/Mb. As a test I then disabled the reverse proxy and used the built in emby way of encrypting the server. I passed the .pfx12 file and its password and changed the port to 443 and did another test with the same movie and it played perfectly. It loaded instantly and the CPU stayed at around 1% usage. Could it be the SSL offloading that is causing this ? Could it be IIS itself ? Is there specific things I need to change within IIS in order for this to work correctly ? Has anyone here been able to successfully get an IIS reverse proxy with SSL offloading to work with emby ? Let me know Thank You

Hey, I had it setup for a while with an Letsencrypt Certificate converted into p12. It worked flawlessly. Then my cert ran out and I had to renew it. So i did "certbot --renew" which worked and converted it into a p12 with openssl pkcs12 -export -out certificate.p12 -inkey privkey.pem -in cert.pem -certfile fullchain.pem But sinse then HTTPS is not working: (Sorry for German) I already tried to change the path, the certfile has all rights and I have no idea why it's not working. Also in the Dashboard it's not shown with HTTPS: The logs are attached. Maybe someone here has an idea. Thanks in Advance! embyserver.txt ffmpeg-remux-fee6f20e-34b8-41bf-8c2b-f9d6f324abf5_1.txt ffmpeg-transcode-ffc235e7-a070-4e74-965f-9e8f183059c8_1.txt hardware_detection-63715285219.txt

I've been looking, but I cannot find any examples of how to self-host Emby behind an NGINX reverse proxy at anything other than the root path on port 80. I host a website under the www subdomain at the root path on port 80, so that's not an option. I'm fine with any of these solutions: Use a different port (http://www.mydomain.com:8096/) Use a different subdomain (http://emby.mydomain.com/) Use a different path (http://www.mydomain.com/emby/) My current configuration is an attempt at solution #3 because that's the one I was able to get furthest on. I think I'd prefer solution #1 or #2, but I'm not picky. I'd also like to setup SSL, but I need to get this working before I can worry about encryption. That said, the SSL configuration for my website might be responsible for my current problem. All requests to port 80 are redirected to 443, which has SSL enabled. The server just directs everything on the /emby path to localhost:8096, which Emby binds to. I'm able to load the index page, but it fails to load the Javascript used to render any actual content. It looks like the server isn't able to serve the Javascript file over HTTPS. I have very limited experience with NGINX and Emby and I have no idea how to fix it. Here's my NGINX server configuration: server { listen 443 ssl default_server; listen [::]:443 ssl default_server; root /█████/website; server_name █████; ssl on; ssl_certificate /█████/cert.pem; ssl_certificate_key /█████/privkey.pem; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.4.4 8.8.8.8; location /static { alias /█████/website/static; } location / { try_files $uri @wsgi; } location @wsgi { proxy_pass http://unix:/tmp/gunicorn.sock; include proxy_params; } location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } location /emby { proxy_pass http://127.0.0.1:8096; } } server { listen 80 default_server; listen [::]:80 default_server; server_name █████; return 301 https://$host$request_uri; }

So, i needed to enable remote connections for Emby server, and i wanted to secure it with https. I have seen quite a few guides on how to enable https on emby server, but i find this to be an easier way if you own an asus router that supports Lets Encrypt. Im not sure which models that support this, but my AC-86U did. All i did to get a hold of the ssl ceritifactes was to enable this in the WAN-DDNS section in the router, then export files like this: Then i converted the cert and key file to a pfx file with "Win64OpenSSL_Light-1_1_0L" https://slproweb.com/products/Win32OpenSSL.html and imported this in to Emby: I used this command: "openssl pkcs12 -inkey key.pem -in cert.pem -export -out output.pfx" Of course you also have to port forward the needed ports to make this work. Thats it, so if you own an ASUS router with this option you can save a lot of time, and a bonus, the router also automaticly renews the certificates. If this already has been posted i apologize, and feel free to leave comments if there are things i have missed or if this method seems like a bad idea.

Hello This is my first post here, but I read here a lot and solved many problems I had, so first thanks this community. But now I have a Problem and no idea how to solve it. I use a lot how-to but I am not able to get an https connection to my Emby Server With this instructions I get no more a "could not connect", but I get a "PR_END_OF_FILE_ERROR" in Firefox and "ERR_CONNECTION_CLOSED" in Chrome. I´m not really familiar with SSL but with an apache or lighttpd I had no problems to set up an https connection, but with the Emby Server I don´t know any further. In the log file there are only the http request, nothing about https. Where should I search for this issue, are there other settings which affect to SSL? If you need more information from me, just ask. BdT Varmandra

Hello I have my Emby server configured to use ssl by inputting the external domain name and secure connection mode set to handled by reverse proxy. I have nginx secured with ssl and I can successfully hit my emby server using the custom domain url, and certificate is successfully verified for https. But it seems my users that go through the app.emby.media site and log in using emby connect are still directed to an http site with a not secure connection warning. Is there a simple step I'm missing to get that to redirect to the proper https wan url configured in Emby?

So I am looking to migrate from plex to emby and so far so good, still needing a lot of testing. However one thing that is keeping me from migrating is the SSL encryption. With Plex, they actually provide their own proxy and they pay for the encryption and Emby seems like you have to have provide your own domain with SSL cert. With letsencrypt being main stream and free, this is fine and dandy. However, the way I understand their certs, they are only good for 90 days I believe and then you have to renew (again for free). This is quite an administrative task to do this every three months. Letsencrypt does have API to be able to do renew if you have an account. So my feature request would be to add the ability in emby to enter your lets encrypt credentials and have emby renew the cert automatically via letsencrypt api so this does not have to be done manually. I am curious if anyone else has found a better alternative to this.

Do you have a step by step for SSL setup for EMBY?

Hi guys, big thanks to all who have posted walk throughs for setting up domains, DDNS, SSLs, etc. So far I have the domain name and DDNS working for HTTP traffic. But for whatever reason HTTPS traffic just times out everytime. I am relying on the UPnP protocol on my router instead of port forwarding and the bindings are correct. 443 is going to 8920, 80 goes to 8096. But I cannot connect via https:// or :443 ever. Even setting up manual port forwarding does not work. So I cannot tell if my certificate is even working but I shouldn't need the certificate to even connect via HTTPS, right? If the port binding is there I should be able to connect I am using Certify the Web for the SSL and it has been correctly setup with my domain but I can't tell if Emby is really using it. Any help would be appreciated.

After several days of frustration, I have managed to setup SSL far enough to get a connection but the browser does not like like the certificate - see attached. I tried to follow the various sets of instructions around the site, the only config I could get to work is as follows; Static IP address on my router setup sub domain on my domain DNS with a forward to the router address and port My question is emby instructions say the server will create it's own SSL cert but I cannot get this to work. If I leave the field for the path to cert blank then I am unable to save - this is why I went the create your own cert route (which I cant get to work!). I have found an SSL folder in the emby folder structure (windows 10) but nothing is in there. I have read up all I can find but cannot get the inbuilt cert to work. Any suggestions?

I finally decided it was time to look into getting a secure connection with SSL certificate set up on my server, so I went through the steps of grabbing a domain name and a SSL certificate. The name was easy and the certificate was alright, just a little slower to get because of my own stupidity. After various attempts doing incorrect things between Emby settings and port forwarding, I got the .pfx file linked in Emby, the domain name listed, and all the ports set up correctly. I went to test it by doing a complete new install of the Emby app on my android phone - entered my new HTTPS address in the path and 443 in the android port box, and it took me to the server's login page almost instantly, so I was super happy about that. I then set up an Apple TV box on an external network to try that, and again it loaded up the login screen right away after putting the address in. The oddity that I'm running into now is that I've also tested it in four different web browsers, both from two computers and an iPad on my local network as well as from two different computers off the network just to make sure, and came up with the following results in terms of how quickly the browsers would actually pull up the login page after entering the address in the browser bar: - Safari = almost instantly, 1-2 seconds - Chrome = 17-22 seconds - Firefox = 20-23 seconds - Internet Explorer = 22-26 seconds If I use my straight IP address to get to my server from any of those computers, it's a 1-2 second load time no matter what browser I use. I haven't had time to stream anything for a significant amount of time through the secure connection, so I don't know if streaming is affected or not yet - after a quick forum search, I did see a thread about reverse proxy potentially causing streaming issues, but I'm not running a reverse proxy at all. Has anyone noticed problems with streaming when going through a domain name with SSL? Anyway, after all that explanation, my real question about the login screen is whether others have seen it as a common thing for the login page to be pulled up so slowly when using a domain and SSL certificate to get to the server, especially with the major non-Apple browsers? Thanks for any feedback.

From LDAP test-thread: For greater compatibility, can STARTTLS be implemented? It would save a lot of time mucking about with certificates when using MS AD. This is running perfectly with a Wordpress plugin I'm using. Only had to enter the DC IP, Base DN and credentials and up and running within a minute.

I have been trying to follow the instructions from this Wiki https://github.com/MediaBrowser/Wiki/wiki/Secure-Your-Server to secure my Emby server running on a Windows 10 box. Has anyone tried these instructions lately using the free domain services offered by Freenom? I'm hoping so. It was relatively easy to set up a free domain with Freenom. I then went to SSL for Free and got two text files to upload to my newly acquired Freenom domain which were to be manually verified. I was able to upload them as directed in the Wiki, but then hit a snag with the SSL for Free instructions which require now require you to either confirm that a folder exists called ".well-known" for as a destination for uploading the files, or if no such folder is located to create one. I could not find any information on the Freenom website regarding the existence of or creation of the necessary "well-known" folder structure to house the test files so that the proper uploading to the Freenom could be verified. Hoping (don't we always) that perhaps "well-known" was the default folder structure that my uploads had been placed, I tried to verify the upload through SSL for Free, and always got a 404 not found return in my browser. I am hoping someone can lead me to an answer. Thanks in advance.

So in the Plex Client in the settings page you can set a setting to "Prefer insecure connection" : "Always" . This means you will now connect over non-ssl. Firstly does the Emby Client on LG TV attempt to connect over SSL . And if it does, how can I tell the Client to not use SSL and to use an insecure connection ? Thanks

I have had Emby for quite a time now and recently bought Emby Premiere so I could use it on more platforms. I have my Emby server running locally on Debian and can connect remotely through my domain (assume my.domain.com). Emby works fine (with SSL) on following the devices I tested: Android app iOS app Windows Store app Xbox One app Most PCs web interface However, I could not get it working with SSL on my LG TV with WebOS 3.5 (LG OLED55B6V if it matters). It did work on a non-secure connection, but when I try to add the server as SSL connection, it simply denies connection like it doesn't even exist. Even when I log onto my Emby Connect account, it simply doesn't show the server, where all other devices do. Now I've read some problems about the SSL certificate (https://emby.media/community/index.php?/topic/57575-lg-emby-app-106-ssl-problem-connecting-to-server/), I'm currently using Comodo PostiveSSL as a certificate, which I have seen at least one other person have problems with as wel. However, I've also seen that some people with Let'sEncrypt have this problem. (https://emby.media/community/index.php?/topic/61481-unable-to-connect-over-https/) There is suggested that LG is simply blocking my certificate, but when I go to my site with the WebOS webbrowser (same certificate), it allows the certificate and shows the site as 'secure'. So somewhere the TV actually does allow the certificate. So I'm not sure where the problem resides. Also, I've shortly tested it on a PS4 from a friend. There was no app, so I used the built-in webbrowser. It also didn't seem to work there, seemed to have the same problem: simply not showing the server. Didn't have much time to test it there, so don't pin me on this. My question is: does anyone have Emby running over SSL with any certificate on LG WebOS 3.5? If so, what certificate do you use?

Sorry for posting yet another SSL threadTM, but I'm not sure how to troubleshoot this. . I have a subdomain that I've registered through IONOS (formerly 1&1). I have an SSL certificate that IONOS is managing for me at my top-level domain. How do I get my subdomain to direct to my server? Do I just redirect to my server's remote IP address? Also, in reviewing the various other guides I've found on this, it looks like I may need to download my SSL certificate and keys an import those into emby? It doesn't appear I have the option to do that from my IONOS dashboard as I've configured it so that IONOS manages it and not me. Is that a deal breaker? Or is there another way around this? I feel like I have the basic pieces available to setup SSL for remote connections to my server, but I just need to take a few more steps to get to the finish line.

Hi i would like to know if its possible to reuse my certificate LetsEncrypt from my NAS TS-251 to connect through https ? i tried to put the path of the cert certificate but its not working. here is what i have Custom SSL certificate path: /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert error after restarting EmbyServer 2019-01-05 12:05:44.470 Info AuthenticationRepository: PRAGMA synchronous=1 2019-01-05 12:05:44.526 Error App: No private key included in SSL cert /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert. 2019-01-05 12:05:44.737 Info ActivityRepository: Default journal_mode for /share/CACHEDEV1_DATA/.qpkg/EmbyServer/programdata/data/activitylog.db is wal and in my web page Secure Connection Failed The connection to xxxxxxxxxxxxxxx.myqnapcloud.com:yyyyyy was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. thanks for your help ade05fr

Hi I'm trying to use https for remote connections using Synology reverse proxy and letsencrypt certificate installed using DMS control panel. Here what I did so far: 1. Setup DDNS using synology.me service 2. Create a letsencrypt certificate for this domain using DMS control panel 3. Create a reverse proxy setting on port 8921 to redirect to localhost:8096 4. Setup the https://*:8921 service to use the "mydomain".synology.me certificate 5. Setup port forwarding on my router to forward port 8921 to my nas port 8921 6. Setup emby advance settings, I set the external domain, https port and the secure connection mode to "Handled by reverse proxy". Everthing is working greate except for 1 thing. If I use https://"mydomain".synology.me:8921, I get a secure connection to emby server with the message : Secure connection: verified by Let's Encrypt. However, if I use this url instead: https://"mypublicip":8921, I get to my emby server on a unsecure connection with this message: "mypublicip":8921 uses an invalid security certificate. The certificate is only valid for "mydomain".synology.me. I can add an exception in the browser and get to my emby server on an unsecure connection, which defeat the purposeto have a secure connection at the first place. Did I miss a setting somewhere, anything that could explain why I can get to my emby server on a unsecure connection through my public ip? Thank you

Hello, I have not been able to send email notifications using TLS/SSL using the email notification plug-in. I am able to send using non-secure settings. I have attached the log of the tests I have done. I am in the process of migrating my server to FreeNAS 11. I was not able to send using secure setting on my previous Freenas 9 set-up. Any help would be appreciated. Set-up Emby: 3.5.2.0 (FreeNAS plugin build) OS: FreeNAS-11.2-RC1 Plug-in Version: 3.1.2.0 embytlsemailerrorlog.txt

Im using Linux Ubuntu 16.04 64 bit and Asustor AS-604T ADM 3.2.1 This requires you do own a domain and have create a Lets Encrypt certificate! Following ports should be open: 80, 443, 8096 and 8920 1. Login to ADM web interface > Settings > Certificate Manager - Click on Export Certificate. 2. Extract certificate.zip and open the folder certifiate 3. right click in the folder - select open terminal 4. enter the command: * Please change the name of the give-me-a-name.pfx * After execution of this command you will be prompted to create a password, this is recommanded! openssl pkcs12 -export -out give-me-a-name.pfx -inkey ssl.key -in ssl.crt 5. Save the new create give-me-a-name.pfx file on your NAS in a shared folder of own choice 6. go to: http://local.ip.of.nas:8096/ 7. Go to Advanced and do the following Check that Allow remote connection to this Emby Server is marked. * add external domain name * Custon ssl certificate path (Click on the magnifier right to the text field and navigate to where the .pfx file is. * Certificate password - Add the password you entered after execution of step 4. * Secure connection mode - Set to preferred, but not required. 8. Hit save and navigate to Controlpanel > Restart - Now you should be able to access the Emby Media Server from outside.

The error message is: System.ObjectDisposedException: Cannot access a disposed object. Object name: 'SslStream'. Maybe this is related to these other reports but the error message I get is different (see attached file): https://emby.media/community/index.php?/topic/59531-external-ssl-connections-crashing https://emby.media/community/index.php?/topic/61243-server-crashing-within-minutes Thanks embyserver-63670224519.txt

I have had a few people ask me to explain how I set up my Apache server to forward to my Emby server. Here is a breakdown of how mine is set up should anyone else wish to try this. This is just my way of doing this (yeah, I know, Nginx exists but I have always been an Apache user). Note that I use RPM based distributions, and my frontend Apache server is running on Fedora Server Edition (so that I can have the http/2 goodness). My instructions will emphasize this type of Linux distribution, so you will need to read up on how your particular flavor of Linux handles Apache installations. First off, here is an overview of my network. Everyone's network is different, but this is what I have set up: edge firewall -> wireless ap/firewall -> apache server -> media server (where the media files are actually stored) On my firewalls, I only have ports 80 and 443 tcp opened up, and they forward to my Apache server. No other ports are exposed to the Internet. My Emby server is not configured with SSL. All SSL is terminated at my Apache server. This way, I can use one SSL certificate to encrypt any web services that I run on my network, without trying to get a certificate for each individual server installation. Anything that comes in on port 80 automatically gets forced over to port 443 (this is done by my Apache server itself). I am also using HTTP/2 which has helped with the various web services that my Apache frontend is exposing to the web. Also, all of my internal servers are running host-based firewalls. There is nothing wrong with security in depth here, and I have personally not heard a valid reason to not run a host-based firewall for your networking services. I use https://letsencrypt.org/ for my SSL certificate. It's free, and their tools are awesome. If you use their services, please donate to them as they are providing a valuable service to practically every community. I also have my own domain name set up and registered, with a dynamic IP from my ISP. There are a plethora of services that will let you register your dynamic IP for a domain name, so search around for the one that suits you best. Personally, I am using Google Domains for mine. My firewall assists in keeping my latest IP registered for my domain. This is extremely handy for mobile devices and family members who wish to use my Emby server remotely. Here are the general steps I would recommend to someone setting this up for themselves: Use an edge firewall. The extra protection is worth it. Use your edge firewall to keep track of your public IP, and use whatever agent that your dynamic DNS provider provides to keep your latest IP registered for your domain. I do not recommend doing this from your Apache server, as your Apache server should be further into your network and protected by your other firewall(s). Set up an SSL certificate for your domain. Again, LetsEncrypt is pretty awesome. Install Apache on a server that can handle a fair amount of network traffic. If you are using LetsEncrypt, set up the agent to keep up with your SSL certificate on this server. dnf groupinstall "Web Server" dnf install mod_http2 Configure your Apache server. On a Fedora, CentOS, RHEL system create a file called /etc/httpd/conf.d/00_yourdomain.conf (the two zeroes are there to make sure that your domain file is loaded first). Here are snippets of my configuration (cleaned up a bit for, you know, security): <VirtualHost *:80> Protocols h2c http/1.1 # Send everything over to https instead, best practice over mod_rewrite ServerName example.com Redirect / https://example.com/ </VirtualHost> <VirtualHost _default_:443> # Enable http/2 Protocols h2 http/1.1 <IfModule http2_module> LogLevel http2:info </IfModule> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DH-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLHonorCipherOrder On SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains" Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ServerName example.com ServerAlias example.com ErrorLog logs/example-error_log RewriteEngine on RewriteRule ^/emby(.*) http://127.0.0.1:8096/emby$1 [proxy] RewriteRule ^/emby http://127.0.0.1:8096 [proxy] RewriteRule ^/embywebsocket(.*) http://127.0.0.1:8096/embywebsocket$1 [proxy] RewriteRule ^/embywebsocket http://127.0.0.1:8096 [proxy] <location /emby> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> <location /embywebsocket> ProxyPass http://127.0.0.1:8096/ ProxyPassReverse http://127.0.0.1:8096/ </location> </VirtualHost> So what this does for me is let Apache handle all incoming port 80 requests, and turns them into encrypted traffic. All connections to and from the server (that can support it) are encapsulated in HTTP/2 packets. All of my SSL encrypted web traffic is handled by one certificate, so I can have multiple URL paths served by the same domain name, with only the https port used, and it just plain looks cleaner. For example, you can have: https://example.com/emby https://example.com/nextcloud https://example.com/hello_kitty_island_adventure Or whatever suits your needs. My Emby server doesn't have to worry about any proxy configurations or SSL, as Apache takes care of all of that. My example is using the localhost IP address to direct all incoming and outgoing Emby requests, but if you are using a separate host that runs Emby, just make sure to use the IP of that system instaed and that you have port 8096 open and available. I hope that others may find this helpful.

I am still having issues with the chrome browser. I get a message saying SSL Version Interference. I Attached is the mono version I have installed (5.2.0) I believe to understand that I have this issue because Chrome requires a higher TLS version.

Hello, I have a old ssl cert that has expired so I have loaded the new cert onto the server but it is still hosting the old cert. I have tried restarting the emby server application multiple times, restarting the server, recreating the .pfx and reloading it and it is still using the old cert. Any suggestions as to why this is happening? Thank you for your time,

Hello, I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/community/index.php?/topic/47508-how-to-nginx-reverse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own. For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy". I have manually checked the server config xml and verified that "requirehttps" is false. I also have my 80 and 443 ports forwarded to the NGINX server on my router. The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome. I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.