Server Setup
Run Hexed as a background service with systemd, put it behind nginx or the h3xed.app relay tunnel for remote access, and configure GPU transcoding.
Systemd Service
Create /etc/systemd/system/hexed.service:
[Unit] Description=Hexed Media Server After=network.target [Service] User=hexed WorkingDirectory=/opt/hexed EnvironmentFile=/opt/hexed/.env ExecStart=/usr/bin/node server/index.js Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target
Enable and start:
sudo systemctl daemon-reload sudo systemctl enable hexed sudo systemctl start hexed
Check status:
sudo systemctl status hexed
h3xed.app Relay Tunnel
The easiest way to enable remote access is through the h3xed.app relay tunnel. When you link your server to h3xed.app during setup (or later via the admin panel), a secure relay tunnel is established automatically. This means:
- No port forwarding required
- No nginx or SSL configuration needed
- Users access your server through
h3xed.appwith cloud login - The relay handles HTTPS termination for you
Nginx Reverse Proxy
If you prefer a custom domain or want direct control, proxy a subdomain to the Hexed server. Example for media.example.com:
server {
listen 443 ssl http2;
server_name media.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:32400;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for streaming
proxy_buffering off;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
# WebSocket support (if needed later)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Or proxy via a path prefix (e.g. /hexed-api/):
location /hexed-api/ {
proxy_pass http://127.0.0.1:32400/;
proxy_buffering off;
proxy_read_timeout 300s;
}
Consumer Web App
Hexed serves a consumer web app at /watch/ where your users can browse and stream media. Share your server URL with the /watch/ path (e.g. https://media.example.com/watch/) or let users access it through h3xed.app after accepting an invite.
GPU Transcoding
NVIDIA (NVENC)
Requirements:
- NVIDIA GPU (GTX 1050+ / RTX series)
- NVIDIA driver 470+ installed
- ffmpeg compiled with
--enable-nvenc(most distro packages include this)
Verify:
nvidia-smi ffmpeg -encoders 2>/dev/null | grep nvenc
Hexed auto-detects NVIDIA hardware and selects NVENC automatically.
Intel Quick Sync
Requirements:
- Intel CPU with integrated graphics (6th gen+)
/dev/dri/renderD128device available- ffmpeg with
--enable-vaapior--enable-libmfx
AMD (VAAPI/AMF)
Requirements:
- AMD GPU with VAAPI support
mesa-va-driversinstalled- ffmpeg with
--enable-vaapi
Check detected hardware via the API:
curl http://localhost:32400/api/hardware \ -H "Authorization: Bearer YOUR_TOKEN"
Firewall
If your server runs a firewall, open the Hexed port:
# firewalld (Fedora/RHEL) sudo firewall-cmd --add-port=32400/tcp --permanent sudo firewall-cmd --reload # ufw (Ubuntu/Debian) sudo ufw allow 32400/tcp
SELinux (Fedora/RHEL)
SELinux may block Node.js from reading .env. Fix:
sudo chcon -t bin_t /opt/hexed/.env
Deploy Script
Example deploy script for pulling updates and restarting:
#!/usr/bin/env bash set -euo pipefail cd /opt/hexed git fetch origin git reset --hard origin/main npm install --omit=dev sudo systemctl restart hexed echo "Deployed successfully" sudo systemctl status hexed --no-pager -l | head -15