diff --git a/.gitignore b/.gitignore index ea8c4bf7..311d44ea 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,7 @@ /target + +# Sensitive +certificate.pem +private_key.pem +identity.pfx + diff --git a/Cargo.lock b/Cargo.lock index cdd719e6..36ce9474 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -114,6 +114,15 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" +[[package]] +name = "cc" +version = "1.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e" +dependencies = [ + "shlex", +] + [[package]] name = "cfg-if" version = "1.0.0" @@ -166,6 +175,22 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + [[package]] name = "crossbeam-channel" version = "0.5.13" 
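Review bot: The entries added in the .gitignore hunk (`certificate.pem`, `private_key.pem`, `identity.pfx`) do not cover the files that the README added in this same commit tells users to create, because its openssl command writes `key.pem` and `cert.pem`. A private key generated in the repository root by following the README would therefore show up as an untracked file and could be committed by accident. Either add `key.pem` and `cert.pem` to the list, or ignore by pattern with `*.pem` and `*.pfx`.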
@@ -203,6 +228,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "getrandom" version = "0.2.15" @@ -325,12 +365,32 @@ dependencies = [ "clap", "clap_derive", "ipc-channel", + "native-tls", + "serde", "serde_json", "tokio", + "tokio-native-tls", "tracing", "tracing-subscriber", ] +[[package]] +name = "native-tls" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "nu-ansi-term" version = "0.46.0" 
@@ -356,6 +416,50 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +[[package]] +name = "openssl" +version = "0.10.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "openssl-sys" +version = "0.9.104" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "overload" version = "0.1.1" @@ -391,6 +495,12 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" +[[package]] +name = "pkg-config" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" + [[package]] name = "ppv-lite86" version = "0.2.20" 
@@ -482,12 +592,44 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "schannel" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "security-framework" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "serde" version = "1.0.216" @@ -529,6 +671,12 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signal-hook-registry" version = "1.4.2" @@ -623,6 +771,16 @@ dependencies = [ "syn", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tracing" version = "0.1.41" 
@@ -707,6 +865,12 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" diff --git a/Cargo.toml b/Cargo.toml index 4bf18f7b..6608de1c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,11 +3,22 @@ name = "mrc" version = "0.1.0" edition = "2021" +[[bin]] +name = "cli" # CLI implementation for terminal usage +path = "src/cli.rs" + +[[bin]] +name = "server" # remote usage +path = "src/server.rs" + [dependencies] clap = {version = "4.5.23", features = ["derive"]} clap_derive = "4.5.18" ipc-channel = "0.19.0" +serde = { version = "1", features = ["derive"] } serde_json = "1.0.133" tokio = { version = "1.42.0", features = ["full"] } +native-tls = "0.2" +tokio-native-tls = "0.3" tracing = "0.1.41" tracing-subscriber = "0.3.19" diff --git a/README.md b/README.md new file mode 100644 index 00000000..81d9af61 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +Creating a PKCS#12 certificate file using OpenSSL: + +```bash +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 +openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem +``` diff --git a/src/server.rs b/src/server.rs new file mode 100644 index 00000000..20b589f7 --- /dev/null +++ b/src/server.rs 
@@ -0,0 +1,211 @@
+use std::env;
+use std::sync::Arc;
+
+use native_tls::{Identity, TlsAcceptor as NativeTlsAcceptor};
+use serde_json::json;
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio_native_tls::TlsAcceptor;
+use tracing::{info, debug, error};
+
+use mrc::{set_property, get_property, playlist_clear, playlist_next, playlist_prev, quit, seek};
+
+const AUTH_TOKEN: &str = "your_secure_token";
+
+async fn handle_connection(
+ stream: tokio::net::TcpStream,
+ acceptor: Arc,
+) -> Result<(), Box> {
+ let mut stream = acceptor.accept(stream).await?;
+ let mut buffer = vec![0; 2048];
+
+ let n = stream.read(&mut buffer).await?;
+ let request = String::from_utf8_lossy(&buffer[..n]);
+
+ debug!("Received request:\n{}", request);
+
+ let headers = request.split("\r\n").collect::>();
+ let token_line = headers.iter().find(|&&line| line.starts_with("Authorization:"));
+ let token = match token_line {
+ Some(line) => line.split(" ").nth(1).unwrap_or_default(),
+ None => "",
+ };
+
+ if token != AUTH_TOKEN {
+ stream.write_all(b"Authentication failed\n").await?;
+ return Ok(());
+ }
+
+ info!("Client authenticated");
+ stream.write_all(b"Authenticated\n").await?;
+
+ let command = request.split("\r\n\r\n").last().unwrap_or("");
+ info!("Received command: {}", command);
+
+ let response = match process_command(command.trim()).await {
+ Ok(response) => response,
+ Err(e) => {
+ error!("Error processing command: {}", e);
+ format!("Error: {:?}", e)
+ }
+ };
+
+ stream.write_all(response.as_bytes()).await?;
+ Ok(())
+}
+
+async fn process_command(command: &str) -> Result {
+ match command {
+ "pause" => {
+ info!("Pausing playback");
+ set_property("pause", &json!(true), None)
+ .await
+ .map_err(|e| format!("Failed to pause: {:?}", e))?;
+ Ok("Paused playback\n".to_string())
+ }
+
+ "play" => {
+ info!("Unpausing playback");
+ set_property("pause", &json!(false), None)
+ .await
+ .map_err(|e| format!("Failed to play: {:?}", e))?;
+ Ok("Resumed playback\n".to_string())
+ }
+
+ "stop" => {
+ info!("Stopping playback and quitting MPV");
+ quit(None)
+ .await
+ .map_err(|e| format!("Failed to stop: {:?}", e))?;
+ Ok("Stopped playback\n".to_string())
+ }
+
+ "next" => {
+ info!("Skipping to next item in the playlist");
+ playlist_next(None)
+ .await
+ .map_err(|e| format!("Failed to skip to next: {:?}", e))?;
+ Ok("Skipped to next item\n".to_string())
+ }
+
+ "prev" => {
+ info!("Skipping to previous item in the playlist");
+ playlist_prev(None)
+ .await
+ .map_err(|e| format!("Failed to skip to previous: {:?}", e))?;
+ Ok("Skipped to previous item\n".to_string())
+ }
+
+ "seek" => {
+ let parts: Vec<&str> = command.split_whitespace().collect();
+ if let Some(seconds) = parts.get(1) {
+ if let Ok(sec) = seconds.parse::() {
+ info!("Seeking to {} seconds", sec);
+ seek(sec.into(), None)
+ .await
+ .map_err(|e| format!("Failed to seek: {:?}", e))?;
+ return Ok(format!("Seeking to {} seconds\n", sec));
+ }
+ }
+ Err("Invalid seek command".to_string())
+ }
+
+ "clear" => {
+ info!("Clearing the playlist");
+ playlist_clear(None)
+ .await
+ .map_err(|e| format!("Failed to clear playlist: {:?}", e))?;
+ Ok("Cleared playlist\n".to_string())
+ }
+
+ "list" => {
+ info!("Listing playlist items");
+ match get_property("playlist", None).await {
+ Ok(Some(data)) => Ok(format!(
+ "Playlist: {}",
+ serde_json::to_string_pretty(&data).unwrap()
+ )),
+ Ok(None) => Err("No playlist data available".to_string()),
+ Err(e) => Err(format!("Failed to fetch playlist: {:?}", e)),
+ }
+ }
+ _ => Err("Unknown command".to_string()),
+ }
+}
+
+fn create_tls_acceptor() -> Result> {
+ // FIXME: This is ugly, needs to be cleaned up.
+ let pfx_path = match env::var("TLS_PFX_PATH") {
+ Ok(path) => path,
+ Err(_) => {
+ return Err(Box::new(std::io::Error::new(
+ std::io::ErrorKind::NotFound,
+ "Environment variable TLS_PFX_PATH is missing. Please provide the path to the TLS certificate file.",
+ )));
+ }
+ };
+
+ let password = match env::var("TLS_PASSWORD") {
+ Ok(password) => password,
+ Err(_) => {
+ return Err(Box::new(std::io::Error::new(
+ std::io::ErrorKind::NotFound,
+ "Environment variable TLS_PASSWORD is missing. Please provide the password for the TLS certificate.",
+ )));
+ }
+ };
+
+ // Try to read the PFX file and handle possible errors
+ let mut file = match std::fs::File::open(&pfx_path) {
+ Ok(f) => f,
+ Err(e) => return Err(Box::new(e)),
+ };
+
+ let mut identity = vec![];
+ if let Err(e) = std::io::Read::read_to_end(&mut file, &mut identity) {
+ return Err(Box::new(e));
+ }
+
+ // Try to create Identity from PFX data
+ let identity = match Identity::from_pkcs12(&identity, &password) {
+ Ok(id) => id,
+ Err(e) => return Err(Box::new(e)),
+ };
+
+ // Try to create TlsAcceptor from Identity
+ let native_acceptor = match NativeTlsAcceptor::new(identity) {
+ Ok(na) => na,
+ Err(e) => return Err(Box::new(e)),
+ };
+
+ Ok(TlsAcceptor::from(native_acceptor))
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box> {
+ tracing_subscriber::fmt::init();
+
+ info!("Server is starting...");
+ match create_tls_acceptor() {
+ Ok(acceptor) => {
+ let acceptor = Arc::new(acceptor);
+
+ // TODO: This needs to be accepted by Clap, and as arguments to the program
+ // But we can, for now, define those as consts that clap falls back to.
+ let listener = tokio::net::TcpListener::bind("127.0.0.1:8080").await?;
+ info!("Server is listening on 127.0.0.1:8080...");
+
+ loop {
+ let (stream, _) = listener.accept().await?;
+ info!("New connection accepted.");
+
+ let acceptor = Arc::clone(&acceptor);
+ tokio::spawn(handle_connection(stream, acceptor));
+ }
+ }
+
+ Err(e) => {
+ error!("Failed to initialize TLS: {}", e);
+ return Err(e);
+ }
+ }
+}
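Review bot: The `AUTH_TOKEN` constant near the top of the hunk compiles the placeholder `"your_secure_token"` into the binary as the server's only credential, and `handle_connection` checks it with `token != AUTH_TOKEN`, a comparison that can stop at the first differing byte. Read the token at startup the way `create_tls_acceptor` already reads `TLS_PASSWORD`, refuse to start when it is unset or empty, and compare without an early exit as sketched below (a vetted constant-time comparison from an existing crate is preferable to the hand-rolled one if a new dependency is acceptable). In the same function, `debug!("Received request:\n{}", request);` writes the whole request, Authorization header included, to the log; logging only the size, e.g. `debug!("Received {} bytes", n);`, keeps the credential out of log files. Separately, the `"seek"` arm of `process_command` matches only the exact string `seek`, so `parts.get(1)` is always `None` and every seek request returns "Invalid seek command"; dispatching on the first whitespace-separated token of `command` would let the argument through.

```rust
// … unchanged: imports …

/// Byte-wise comparison that does not stop at the first mismatch.
fn token_matches(presented: &str, expected: &str) -> bool {
    let (a, b) = (presented.as_bytes(), expected.as_bytes());
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// in main, before binding the listener (the variable name is a suggestion):
let auth_token: Arc<str> = env::var("MRC_AUTH_TOKEN")?.into();
if auth_token.is_empty() {
    return Err("MRC_AUTH_TOKEN must not be empty".into());
}

// in handle_connection, which now also takes `auth_token: Arc<str>`:
// … unchanged: TLS accept, read, header parsing …
if !token_matches(token, &auth_token) {
```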