How To Install Navidrome on Rocky Linux 10
Navidrome is a powerful open-source, self-hosted music streaming server that provides a modern alternative to commercial streaming platforms like Spotify and Apple Music. This comprehensive guide walks you through installing Navidrome on Rocky Linux 10, covering both native binary and Docker installation methods with detailed security configurations.
Rocky Linux 10 offers enterprise-grade stability, making it an ideal platform for hosting personal music streaming services. The distribution provides RHEL compatibility without licensing costs while delivering long-term support and robust security features essential for self-hosted applications.
Understanding Navidrome and Rocky Linux 10 Requirements
Navidrome Overview
Navidrome functions as a personal music streaming server with extensive capabilities for managing and streaming your music collection. The application features a web-based interface for music management, supports various audio formats, and maintains Subsonic API compatibility for seamless integration with mobile applications.
Core functionality includes multi-user support with individual libraries, scrobbling integration with Last.fm, and built-in transcoding capabilities. The system requires FFmpeg for audio processing, utilizes SQLite as the default database (with optional PostgreSQL/MySQL support), and includes built-in web server capabilities.
Essential system dependencies encompass file system permissions management, network port availability (default port 4533), and adequate storage space for both the application and music library. The software architecture supports various deployment scenarios from single-user setups to multi-user environments with extensive customization options.
Rocky Linux 10 Specifications
Rocky Linux 10 introduces specific hardware requirements that differ from previous versions. The distribution mandates a minimum 1 GHz x86_64-v3 processor, specifically requiring Intel Haswell (2013+) or AMD Excavator+ architectures. Memory requirements include 2GB minimum RAM, though 4GB+ is recommended for optimal performance, particularly when running additional services alongside Navidrome.
Storage specifications require 10GB minimum system space plus additional capacity for your music library. Network connectivity demands a stable internet connection for system updates and package installations. The distribution supports multiple architectures including x86_64-v3 (primary focus), aarch64 (ARM 64-bit), ppc64le (IBM Power), s390x (IBM Z mainframes), and riscv64 (RISC-V 64-bit).
Pre-Installation Setup and Prerequisites
System Preparation
Begin by updating your Rocky Linux 10 system to ensure all packages are current. Execute system updates using the DNF package manager:
sudo dnf update -y
Reboot the system if kernel updates were applied to ensure proper initialization of new components. Verify system version and architecture compatibility using:
cat /etc/rocky-release
uname -m
Create a dedicated navidrome user account for enhanced security. This approach follows Linux security best practices by isolating application processes:
sudo useradd -r -s /bin/false navidrome
sudo usermod -aG audio navidrome
Configure appropriate home directory permissions and establish group membership for file access. The audio group membership enables proper access to audio-related system resources while maintaining security boundaries.
Essential Dependencies Installation
Install the development tools group and essential utilities required for Navidrome installation:
sudo dnf groupinstall "Development Tools" -y
sudo dnf install wget curl tar nano vim htop -y
FFmpeg installation represents a critical dependency for Navidrome’s audio processing capabilities. Enable the EPEL repository for Rocky Linux and install FFmpeg with comprehensive codec support:
sudo dnf install epel-release -y
sudo dnf config-manager --set-enabled crb
sudo dnf install ffmpeg ffmpeg-devel -y
Verify FFmpeg installation and supported formats:
ffmpeg -version
ffmpeg -formats
The FFmpeg installation provides audio transcoding capabilities, format conversion support, and real-time streaming functionality essential for Navidrome’s operation across different devices and network conditions.
Method 1: Native Binary Installation
Directory Structure Creation
Establish the proper directory hierarchy for Navidrome installation following Linux Filesystem Hierarchy Standard conventions. Create the application directory in /opt for executable files:
sudo mkdir -p /opt/navidrome
sudo mkdir -p /var/lib/navidrome
sudo mkdir -p /etc/navidrome
Configure user and group ownership with appropriate permissions:
sudo chown -R navidrome:navidrome /opt/navidrome
sudo chown -R navidrome:navidrome /var/lib/navidrome
sudo chown -R navidrome:navidrome /etc/navidrome
Set directory permissions. The application directory stays world-readable, while the data and configuration directories are limited to the navidrome user and group:
sudo chmod 755 /opt/navidrome
sudo chmod 750 /var/lib/navidrome
sudo chmod 750 /etc/navidrome
This permission scheme implements security-focused access controls while ensuring proper functionality. The directory structure separates executable files, data storage, and configuration files according to Linux best practices.
Binary Download and Installation
Navigate to the GitHub releases page to download the latest stable release for linux_amd64. Determine the current version and download the appropriate archive:
cd /tmp
NAVIDROME_VERSION=$(curl -s https://api.github.com/repos/navidrome/navidrome/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
# The release tag carries a leading "v" that the archive file name omits, so strip it
NAVIDROME_FILE="navidrome_${NAVIDROME_VERSION#v}_linux_amd64.tar.gz"
wget "https://github.com/navidrome/navidrome/releases/download/${NAVIDROME_VERSION}/${NAVIDROME_FILE}"
Verify download integrity using checksums provided on the release page. Extract the binary to the designated directory:
sudo tar -xzf "${NAVIDROME_FILE}" -C /opt/navidrome/
sudo chown navidrome:navidrome /opt/navidrome/navidrome
sudo chmod +x /opt/navidrome/navidrome
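The integrity check mentioned above can be scripted so that extraction only happens after the archive's SHA-256 digest matches the published one. This is an added example, not part of the original tutorial or the Navidrome project; verify_release is a hypothetical helper and it assumes the release page offers a checksums file in sha256sum format.

```shell
#!/bin/sh
# Added example (not from the original tutorial). verify_release is a hypothetical helper.
# Usage: verify_release ARCHIVE CHECKSUMS_FILE
#   0 = digest matches the entry for ARCHIVE
#   1 = digest differs (corrupted or tampered download)
#   2 = archive or checksums file is missing
#   3 = checksums file has no entry for ARCHIVE (treated as a failure, never a pass)
verify_release() {
    archive=$1
    sums=$2
    if [ ! -f "$archive" ] || [ ! -f "$sums" ]; then
        echo "verify_release: missing archive or checksums file" >&2
        return 2
    fi
    name=$(basename "$archive")
    # sha256sum lines are "<hex>  <name>" (text mode) or "<hex> *<name>" (binary mode).
    # Compare the file name exactly so an entry for "x.tar.gz.sig" cannot stand in for "x.tar.gz".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }
    ' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_release: no checksum entry for $name" >&2
        return 3
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "verify_release: SHA-256 mismatch for $name" >&2
        return 1
    fi
    echo "verify_release: $name OK"
}
```

Run it in /tmp before the tar step, passing the downloaded archive (navidrome_${NAVIDROME_VERSION#v}_linux_amd64.tar.gz) and the checksums file saved from the same release, and continue only if it returns 0.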
Verify binary functionality with a version check and configure PATH variable for system-wide access:
/opt/navidrome/navidrome --version
sudo ln -s /opt/navidrome/navidrome /usr/local/bin/navidrome
Configuration File Setup
Create the navidrome.toml configuration file in the appropriate directory:
sudo tee /etc/navidrome/navidrome.toml > /dev/null << 'EOF'
# Navidrome Configuration File
# Music library location (adjust path as needed)
MusicFolder = "/var/lib/navidrome/music"
# Data folder for database and cache
DataFolder = "/var/lib/navidrome/data"
# Listening address and port
Address = "0.0.0.0"
Port = 4533
# Logging configuration
LogLevel = "info"
LogFile = "/var/log/navidrome.log"
# Database configuration (SQLite default)
DatabasePath = "/var/lib/navidrome/navidrome.db"
# Security settings
EnableTranscodingConfig = true
EnableSharing = false
EnableDownloads = true
# Scanner configuration
ScanSchedule = "@every 1h"
ScanInterval = "24h"
EOF
Set MusicFolder path to your music library location. Create the necessary directories referenced in the configuration:
sudo mkdir -p /var/lib/navidrome/music
sudo mkdir -p /var/lib/navidrome/data
sudo chown -R navidrome:navidrome /var/lib/navidrome
Configure advanced options including database settings, authentication parameters, transcoding quality, and security headers. The configuration supports PostgreSQL and MySQL alternatives to SQLite for larger deployments.
Method 2: Docker Installation
Docker Setup
Install Docker Engine on Rocky Linux 10 using the official Docker repository for the latest version and security updates:
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
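Configure Docker service startup and user permissions. Membership in the docker group is equivalent to root access on the host, so add only accounts you would also trust with sudo: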
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER
Install Docker Compose for container orchestration and verify installation functionality:
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker --version
docker-compose --version
Implement Docker security configuration by configuring daemon security options, setting up user namespace mapping, and implementing container security policies. Configure firewall rules for Docker networks to maintain security boundaries.
Docker Compose Configuration
Create a docker-compose.yml file for Navidrome service configuration:
mkdir -p ~/navidrome
cd ~/navidrome
version: '3.8'
services:
  navidrome:
    image: deluan/navidrome:latest
    container_name: navidrome
    restart: unless-stopped
    ports:
      - "4533:4533"
    environment:
      - ND_LOGLEVEL=info
      - ND_SESSIONTIMEOUT=24h
      - ND_ENABLETRANSCODINGCONFIG=true
      - ND_MUSICFOLDER=/music
      - ND_DATAFOLDER=/data
    volumes:
      - "./data:/data"
      - "./music:/music:ro"
    user: "${UID}:${GID}"
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:4533/ping"]
      interval: 30s
      timeout: 10s
      retries: 3
Set volume mappings for music and data directories. Configure port mappings (4533:4533) and establish user ID/group ID for file permissions. Implement restart policies and health checks for reliability.
Configure environment variables for log level settings, timezone preferences, and custom configuration options. Create the necessary directories:
mkdir -p data music
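# Bash treats UID as a read-only shell variable and never sets GID, so "export UID=..." fails.
# Write both values to the .env file that Compose reads when it substitutes ${UID} and ${GID}.
printf 'UID=%s\nGID=%s\n' "$(id -u)" "$(id -g)" > .env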
Launch the Navidrome container:
docker-compose up -d
Systemd Service Configuration
Service File Creation
Create a systemd unit file for native binary installations to ensure automatic startup and proper service management:
sudo tee /etc/systemd/system/navidrome.service > /dev/null << 'EOF'
[Unit]
Description=Navidrome Music Streaming Server
After=remote-fs.target network.target
AssertPathExists=/etc/navidrome
[Service]
Type=simple
User=navidrome
Group=navidrome
ExecStart=/opt/navidrome/navidrome --configfile=/etc/navidrome/navidrome.toml
WorkingDirectory=/var/lib/navidrome
TimeoutStopSec=20
KillMode=process
Restart=on-failure
# Security settings
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/navidrome /var/log
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
[Install]
WantedBy=multi-user.target
EOF
The service configuration defines service description and dependencies, sets the ExecStart path to the navidrome binary, and configures user/group for service execution. Security sandboxing options enhance system protection through systemd’s security features.
Service Management
Reload systemd daemon configuration and manage the Navidrome service:
sudo systemctl daemon-reload
sudo systemctl start navidrome
sudo systemctl enable navidrome
Verify service status and functionality:
sudo systemctl status navidrome
sudo journalctl -u navidrome -f
Monitor service resource usage and configure log rotation:
sudo systemctl show navidrome --property=MemoryCurrent,CPUUsageNSec
Set up service failure notifications using systemd’s OnFailure directive and configure automatic restart policies for high availability scenarios.
Firewall and Security Configuration
Firewall Setup
Configure firewalld to open port 4533 for Navidrome access while maintaining security:
sudo firewall-cmd --permanent --add-port=4533/tcp
sudo firewall-cmd --reload
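Implement zone-based firewall rules with source IP restrictions for enhanced security. Apply this rule instead of the blanket --add-port rule above: while port 4533 is open to every source, the source restriction has no effect: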
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="4533" accept'
sudo firewall-cmd --reload
Verify firewall configuration:
sudo firewall-cmd --list-all
SELinux Considerations
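Configure SELinux contexts for Navidrome to ensure proper security policy compliance. The httpd_can_network_connect boolean is what allows Nginx to open connections to the Navidrome backend when it runs as a reverse proxy; the file context labels the binary as a standard executable: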
sudo setsebool -P httpd_can_network_connect 1
sudo semanage fcontext -a -t bin_t "/opt/navidrome/navidrome"
sudo restorecon -v /opt/navidrome/navidrome
Set appropriate file contexts for directories and create custom SELinux policies if needed. Monitor SELinux denials and resolve conflicts:
sudo ausearch -m AVC -ts recent
Security Hardening
Implement file permissions security by restricting access to configuration files and setting minimal required permissions:
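# 640 rather than 600: with root as owner, the navidrome group needs read access or the service cannot load its configuration
sudo chmod 640 /etc/navidrome/navidrome.toml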
sudo chown root:navidrome /etc/navidrome/navidrome.toml
Configure network security measures including HTTPS with SSL/TLS certificates, reverse proxy implementation with Nginx, and fail2ban protection against brute force attacks.
Initial Setup and Configuration
First-Time Access
Navigate to http://localhost:4533 to access the web interface. Complete the initial administrator account setup by providing username, password, and email address. The first user automatically receives administrative privileges.
Configure basic server settings including library scanning preferences, transcoding options, and user interface customization. Verify music library detection by adding your music folder path and initiating the initial scan.
User Account Management
Create additional user accounts through the web interface or API. Configure user permissions and restrictions including library access, download permissions, and transcoding settings. Set up individual music library access and implement user quota systems for storage and bandwidth management.
Music Library Configuration
Configure music folder paths in the web interface or configuration file. Set up library scanning schedules for automatic metadata updates and new file detection. Configure metadata extraction options including cover art handling, genre classification, and album organization.
Implement advanced library features such as multi-library support for different music collections, smart playlists based on metadata criteria, and transcoding profiles optimized for different devices and network conditions.
Reverse Proxy Setup with Nginx
Nginx Installation and Configuration
Install Nginx web server for reverse proxy functionality:
sudo dnf install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
Configure SSL/TLS certificates with Let’s Encrypt for secure connections:
sudo dnf install certbot python3-certbot-nginx -y
sudo certbot --nginx -d your-domain.com
Create a Navidrome-specific server block:
sudo tee /etc/nginx/conf.d/navidrome.conf > /dev/null << 'EOF'
server {
    listen 80;
    server_name your-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:4533;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
EOF
SSL/TLS and Security Headers
Configure automatic certificate renewal and implement strong SSL/TLS configuration:
sudo systemctl enable --now certbot-renew.timer
Implement security headers for enhanced protection:
# Add to nginx server block
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
Test and reload Nginx configuration:
sudo nginx -t
sudo systemctl reload nginx
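With the proxy in place, the earlier settings (Address = "0.0.0.0" in navidrome.toml and port 4533 opened in firewalld) still let clients reach Navidrome over plain HTTP without passing through Nginx. The following added example, which is not part of the original tutorial, classifies the Navidrome listener from `ss -ltnH` output; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are hypothetical.

# Constructed sample of `ss -ltnH` output: Nginx on 443, Navidrome on all interfaces.
sample_exposed() {
    printf '%s\n' \
        'LISTEN 0 511  0.0.0.0:443  0.0.0.0:*' \
        'LISTEN 0 4096 *:4533       *:*'
}

# Constructed sample: Navidrome bound to loopback only (IPv4 and IPv6).
sample_loopback() {
    printf '%s\n' \
        'LISTEN 0 511  0.0.0.0:443     0.0.0.0:*' \
        'LISTEN 0 4096 127.0.0.1:4533  0.0.0.0:*' \
        'LISTEN 0 4096 [::1]:4533      [::]:*'
}

# classify_listener PORT  (reads `ss -ltnH` output on stdin) prints one of:
#   loopback  every listener on PORT is bound to 127.0.0.0/8 or ::1
#   exposed   at least one listener on PORT is bound to a non-loopback address
#   none      nothing is listening on PORT
classify_listener() {
    awk -v port="$1" '
        {
            addr = $4                              # column 4 is "Local Address:Port"
            n = split(addr, parts, ":")
            if (parts[n] != port) next             # exact port match, so 14533 is ignored
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)              # strip the brackets around IPv6 literals
            sub(/%.*$/, "", host)                  # strip an interface suffix such as %eth0
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END { print (!found ? "none" : (exposed ? "exposed" : "loopback")) }
    '
}
```

On the server, run `ss -ltnH | classify_listener 4533`. If it prints `exposed`, setting Address = "127.0.0.1" in navidrome.toml and removing the 4533 rule from firewalld leaves Nginx as the only entry point.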
Troubleshooting Common Issues
Installation Problems
Permission denied errors often result from incorrect file ownership or SELinux policies. Resolve by verifying user permissions and SELinux contexts:
sudo chown -R navidrome:navidrome /opt/navidrome /var/lib/navidrome
sudo restorecon -Rv /opt/navidrome
Architecture compatibility problems may occur on systems not meeting x86_64-v3 requirements. Verify processor compatibility:
/lib64/ld-linux-x86-64.so.2 --help | grep supported
Missing dependency resolution requires installing development tools and FFmpeg. Verify all dependencies are properly installed:
ldd /opt/navidrome/navidrome
Service Startup Failures
Systemd service configuration errors can prevent proper startup. Check service logs for detailed error information:
sudo journalctl -u navidrome --no-pager -l
Port binding conflicts occur when another service uses port 4533. Identify conflicting services:
sudo ss -tulpn | grep :4533
sudo lsof -i :4533
Configuration file syntax errors prevent service startup. Validate configuration syntax and file permissions:
sudo /opt/navidrome/navidrome --configfile=/etc/navidrome/navidrome.toml --check
Runtime and Performance Issues
Music library scanning problems often result from file permission issues or unsupported formats. Verify directory permissions and FFmpeg codec support:
sudo -u navidrome ls -la /var/lib/navidrome/music
ffmpeg -codecs | grep -i mp3
Large library performance optimization requires database tuning and memory allocation adjustments. Monitor resource usage during scanning:
htop
iotop
Network connectivity issues may involve firewall restrictions or reverse proxy misconfigurations. Test direct access and proxy functionality:
curl -I http://localhost:4533
curl -I https://your-domain.com
Performance Optimization and Maintenance
Performance Tuning
Memory usage optimization involves configuring appropriate cache sizes and database parameters. Monitor memory consumption and adjust settings:
# Add to navidrome.toml
CacheSize = "100MB"
TranscodingCacheSize = "1GB"
CPU usage monitoring helps identify transcoding bottlenecks and concurrent user limits. Optimize transcoding settings based on server capabilities:
# Monitor CPU usage during transcoding
top -p "$(pgrep -d, -x navidrome)"
Database performance optimization includes regular maintenance and index optimization for SQLite databases:
sudo -u navidrome sqlite3 /var/lib/navidrome/navidrome.db "VACUUM;"
sudo -u navidrome sqlite3 /var/lib/navidrome/navidrome.db "REINDEX;"
Regular Maintenance
Log rotation and cleanup prevents disk space issues:
sudo tee /etc/logrotate.d/navidrome > /dev/null << 'EOF'
/var/log/navidrome.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    # The unit file above defines no ExecReload, so "systemctl reload navidrome" would fail;
    # copy and truncate the live log in place instead
    copytruncate
}
EOF
Database backup strategies ensure data protection:
# Create backup script
sudo tee /usr/local/bin/navidrome-backup.sh > /dev/null << 'EOF'
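#!/bin/bash
# Run as root; stop on the first error so a failed backup is never followed by pruning
set -euo pipefail
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/navidrome"
# Create the target directory and keep it private to the navidrome account; the database holds user credentials
install -d -o navidrome -g navidrome -m 750 "${BACKUP_DIR}"
sudo -u navidrome sqlite3 /var/lib/navidrome/navidrome.db ".backup ${BACKUP_DIR}/navidrome_${DATE}.db"
find "${BACKUP_DIR}" -name "navidrome_*.db" -mtime +30 -delete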
EOF
sudo chmod +x /usr/local/bin/navidrome-backup.sh
Software update procedures maintain security and functionality:
# For binary installations
# Check for new releases and update manually
# For Docker installations
cd ~/navidrome
docker-compose pull
docker-compose up -d
Congratulations! You have successfully installed Navidrome. Thanks for using this tutorial for installing Navidrome on the Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Navidrome website.