Setting up Roon Server on Fedora Linux: A Secure and Comprehensive Guide

Fedora Linux is a robust and community-driven distribution, well-regarded for its focus on free and open-source software and cutting-edge features. It’s an excellent choice for a home server, offering stability and security. If you’re looking to run Roon Server, a powerful music server platform, on your Fedora machine, this guide will walk you through the process of installing it securely and efficiently. This article expands upon the official Roon documentation and provides detailed steps to set up Roon Server on Fedora Linux, emphasizing security by running the server as a dedicated user, rather than as root.

This approach mitigates potential security risks and aligns with best practices for server administration on Linux. Let’s dive into how to get Roon Server up and running on your Fedora Linux Server.

Prerequisites

Before we begin, ensure your Fedora Linux server meets the basic requirements for Roon Server. While the original article mentions dependencies for Fedora 37 Workstation, these are generally applicable to most Fedora installations intended for server use.

Installing Dependencies

Roon Server relies on certain libraries and utilities to function correctly. Open your terminal and use the dnf package manager, Fedora’s default tool, to install these dependencies.

sudo dnf install ffmpeg alsa-lib cifs-utils
  • ffmpeg: A comprehensive multimedia framework required for audio and video processing.
  • alsa-lib: The Advanced Linux Sound Architecture library, essential for audio output and handling.
  • cifs-utils: Utilities for the Common Internet File System protocol, often needed for accessing music files stored on network shares, such as Windows file servers or NAS devices.

It’s also a good practice to verify your glibc version. While the original article mentions version 2.36 as sufficient, modern Fedora releases will invariably have a more recent version. You can check the installed version using:

dnf --cacheonly --installed info glibc

This command confirms that glibc, the GNU C Library, is installed and provides version information, ensuring compatibility.

Creating a Dedicated Roon User for Enhanced Security

A critical aspect of securing your Fedora Linux server is to avoid running services as the root user. The root user has unrestricted access to the entire system, and if a service running as root is compromised, the entire system becomes vulnerable. Therefore, we will create a dedicated user specifically for running Roon Server.

User Creation and Security Best Practices

Let’s create a new user named roon. This user will own the Roon Server files and run the service, limiting potential damage should a security vulnerability be found in Roon Server.

sudo useradd roon

This command adds a new user named roon to your Fedora system. Next, set a password for this user. While it might not be strictly necessary for running commands via sudo --user=roon, setting a password is a good security practice and can be useful for debugging or more advanced configurations.

sudo passwd roon

You will be prompted to enter and confirm a password for the roon user. Choose a strong, unique password.

For easier debugging and file access during setup, you can add your own user to the roon group. This allows your user to read files owned by the roon user, which can be helpful for troubleshooting.

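sudo usermod -aG roon "$USER"

The shell expands $USER to your current username, so the command can be run as written. The -a (append) option matters: without it, -G replaces your existing supplementary groups (including wheel, which grants sudo on Fedora) with roon alone. Log out and back in for the new group membership to take effect.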

Downloading and Installing Roon Server Software on Fedora

Now that we have the prerequisites and a dedicated user set up, let’s download and install the Roon Server software.

Downloading the Roon Server Package

First, navigate to the /tmp directory, a common location for temporary files, and download the Roon Server package from Roon Labs.

cd /tmp
wget https://download.roonlabs.net/builds/RoonServer_linuxx64.tar.bz2

This command uses wget to download the Roon Server archive to the /tmp directory.

Extracting and Moving Roon Server Files

Next, we need to extract the downloaded archive and move the extracted files to the /opt directory. /opt is conventionally used for installing optional application software packages. We will perform these actions as the roon user.

su -l roon
cd /tmp
tar --bzip2 -xvf RoonServer_linuxx64.tar.bz2
exit

These commands switch the user to roon using su -l roon, navigate to /tmp, extract the archive using tar, and then return to your original user using exit.

Now, move the extracted RoonServer directory from /tmp to /opt.

sudo mv -i /tmp/RoonServer /opt/.

The -i flag with mv ensures interactive mode, prompting before overwriting existing files, although in this fresh installation, it’s unlikely to be needed.

Setting up Data Directories for Roon Server

Roon Server requires directories for storing its database and logs. We’ll follow the convention used by the Easy Installer and create /var/roon for this purpose. We also need to ensure the roon user owns this directory.

sudo mkdir /var/roon
sudo chown roon:roon /var/roon

These commands create the /var/roon directory and then use chown to change the owner and group of this directory to roon.

Running the Roon Server Check Script

Roon Server includes a check script to verify the installation environment. While not strictly mandatory, running it can help identify potential issues early on.

/opt/RoonServer/check.sh

This script should output “SUCCESS” if the environment is correctly set up for Roon Server.

At this point, you could optionally run the start.sh script to quickly test if Roon Server starts. However, we will proceed to set it up as a systemd service for proper management.

Configuring Firewall for Roon Server on Fedora Linux

Fedora Linux, by default, uses firewalld as its firewall management tool. To allow Roon Server to be accessible on your network, we need to configure firewall rules.

Firewalld Setup for Roon Server

Instead of manually opening individual ports, which can be error-prone, we will create a dedicated firewalld service for Roon Server. The original article references firewall settings from a Roon community thread and a gist file. You can create a file named roon-server.xml with the following content, based on those settings:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Roon Server</short>
  <description>Roon music server</description>
  <port protocol="tcp" port="9003"/>
  <port protocol="tcp" port="9100-9200"/>
  <port protocol="udp" port="1900"/>
  <!-- SSDP multicast traffic to 239.255.255.250 is covered by udp/1900 above; a firewalld port value cannot contain an address. -->
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
</service>

Save this file as roon-server.xml on your server, for example, in your home directory or /tmp. Then, use firewall-cmd to add this service permanently:

sudo firewall-cmd --permanent --new-service-from-file=/path/to/roon-server.xml

Replace /path/to/roon-server.xml with the actual path to where you saved the file. This command adds the Roon Server service definition to firewalld.

To ensure the service is properly loaded and enabled, you can try reloading firewalld. If you encounter issues or need to re-apply the service, you can first remove it and then re-add it.

sudo firewall-cmd --remove-service=roon-server
sudo firewall-cmd --permanent --add-service=roon-server
sudo firewall-cmd --reload

The --reload command applies the changes without interrupting existing connections. Make sure the roon-server service is enabled in your firewall configuration using the firewall configuration tool or command line.
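Before loading the service file, its port entries can be checked offline. The following is an added example, not part of the original article or of firewalld; it follows firewalld.service(5), which documents the port value as a single port number or a portid-portid range, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the <port> entries of a firewalld service file.
# Accepted here: a port number (at most 65535) or a low-high range.

lint_firewalld_ports() {
    # $1: service XML. Prints "BAD <protocol> <port>" per invalid entry and
    # returns non-zero if any entry is invalid.
    awk '
        function valid(p) { return p ~ /^[0-9]+$/ && p + 0 <= 65535 }
        /<port[ \t]/ {
            proto = ""; port = ""
            if (match($0, /[ \t]protocol="[^"]*"/))
                proto = substr($0, RSTART + 11, RLENGTH - 12)
            if (match($0, /[ \t]port="[^"]*"/))
                port = substr($0, RSTART + 7, RLENGTH - 8)
            n = split(port, r, "-")
            ok = (n == 1 && valid(r[1])) ||
                 (n == 2 && valid(r[1]) && valid(r[2]) && r[1] + 0 <= r[2] + 0)
            if (proto !~ /^(tcp|udp|sctp|dccp)$/) ok = 0
            if (!ok) { print "BAD", proto, port; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

write_sample_service() {
    # Constructed sample: three valid entries and one address:port value.
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Roon Server</short>
  <port protocol="tcp" port="9003"/>
  <port protocol="tcp" port="9100-9200"/>
  <port protocol="udp" port="1900"/>
  <port protocol="udp" port="239.255.255.250:1900"/>
</service>
EOF
}

svc=$(mktemp)
write_sample_service "$svc"
lint_firewalld_ports "$svc" || echo "fix the entries above before loading the file"
rm -f "$svc"
```

On a host with firewalld installed, sudo firewall-cmd --check-config performs the authoritative validation once the file is in place.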

Setting up Roon Server as a Systemd Service on Fedora

To manage Roon Server as a service that automatically starts on boot and can be easily controlled, we will set it up as a systemd service.

Creating the Systemd Service File for Roon Server

Create a file named roonserver.service with the following content in /etc/systemd/system/. This configuration is adapted from the original article and modified for clarity and best practices:

[Unit]
Description=RoonServer
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=roon
Environment=SYSTEMD_LOG_LEVEL=debug
Environment=ROON_DATAROOT=/var/roon
Environment=ROON_ID_DIR=/var/roon
# The "+" prefix runs these two commands as root; User=roon would otherwise apply to them too.
ExecStartPre=+/usr/bin/firewall-cmd --add-service=roon-server
ExecStart=/opt/RoonServer/start.sh
ExecStopPost=+/usr/bin/firewall-cmd --remove-service=roon-server
Restart=on-abort

[Install]
WantedBy=multi-user.target

Explanation of the service file:

  • [Unit] Section:
    • Description: A human-readable description of the service.
    • Wants=network-online.target: Pulls network-online.target into the boot transaction so that the ordering below has something to wait for.
    • After=network-online.target: Ensures the service starts after the network is online.
  • [Service] Section:
    • Type=simple: Indicates a simple service that starts a single process.
    • User=roon: Specifies that the service should run as the roon user. This applies to every Exec line in the unit, not only ExecStart.
    • Environment=...: Sets environment variables for Roon Server, including debug logging and data directory paths.
    • ExecStartPre=+/usr/bin/firewall-cmd --add-service=roon-server: Command to run before starting Roon Server. Here, it adds the roon-server firewall service. The + prefix, as used in the original article, is required: it makes systemd run this one command with full privileges (as root) instead of as roon, and firewall-cmd cannot change the firewall from the unprivileged roon account.
    • ExecStart=/opt/RoonServer/start.sh: The command to start Roon Server. It has no + prefix, so it runs as roon.
    • ExecStopPost=+/usr/bin/firewall-cmd --remove-service=roon-server: Command to run after stopping Roon Server, removing the firewall service. It carries the + prefix for the same reason as ExecStartPre.
    • Restart=on-abort: Specifies that systemd should restart the service only when the process is terminated by an uncaught signal; a non-zero exit code or a timeout does not trigger a restart.
  • [Install] Section:
    • WantedBy=multi-user.target: Configures the service to start during the multi-user system startup process.

Save this file as /etc/systemd/system/roonserver.service.
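systemd applies User= to ExecStartPre and ExecStopPost as well as ExecStart, unless a command is prefixed with +. The following added example (not from the original article or from Roon Labs) reports the effective user of each Exec line and flags firewall-cmd calls that would run unprivileged; the function names and the sample unit are constructed for illustration.

```shell
# Added example: report which user each Exec* line of a unit file runs as.
# With User= set, an Exec line runs as that user unless its command has "+".
exec_privileges() {
    # $1: unit file. Prints "<directive> <user> <command line>" per Exec* line.
    awk '
        /^User=/ { user = substr($0, 6) }
        /^Exec[A-Za-z]+=/ {
            eq = index($0, "=")
            key[++n] = substr($0, 1, eq - 1)
            cmd[n] = substr($0, eq + 1)
        }
        END {
            if (user == "") user = "root"      # system units default to root
            for (i = 1; i <= n; i++) {
                c = cmd[i]; who = user
                # "-", "@", ":" keep the user; "+" means root; "!" forms are not modelled.
                while (c ~ /^[-@:+!]/) {
                    if (substr(c, 1, 1) == "+") who = "root"
                    else if (substr(c, 1, 1) == "!") who = "unmodelled"
                    c = substr(c, 2)
                }
                print key[i], who, c
            }
        }
    ' "$1"
}

unprivileged_firewall_calls() {
    # Directives that invoke firewall-cmd without running as root.
    exec_privileges "$1" | awk '$2 != "root" && $3 ~ /firewall-cmd$/ { print $1 }'
}

write_sample_unit() {
    # $1: output path, $2: prefix for the firewall-cmd lines ("" or "+"). Constructed sample.
    cat > "$1" <<EOF
[Service]
User=roon
ExecStartPre=$2/usr/bin/firewall-cmd --add-service=roon-server
ExecStart=/opt/RoonServer/start.sh
ExecStopPost=$2/usr/bin/firewall-cmd --remove-service=roon-server
EOF
}

unit=$(mktemp)
write_sample_unit "$unit" ""
unprivileged_firewall_calls "$unit"    # lists ExecStartPre and ExecStopPost
write_sample_unit "$unit" "+"
unprivileged_firewall_calls "$unit"    # prints nothing
rm -f "$unit"
```

Run against the installed unit with unprivileged_firewall_calls /etc/systemd/system/roonserver.service; empty output means no firewall-cmd line is left running as the service user.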

SELinux Considerations on Fedora Linux Server

Fedora Linux comes with SELinux (Security-Enhanced Linux) enabled, which adds an extra layer of security. In some cases, SELinux might prevent Roon Server from functioning correctly initially. If you encounter issues starting the service, SELinux might be the cause.

The original article mentions an SELinux alert related to start.sh executing start.sh. If you encounter similar SELinux denials, you can use the suggested command to restore the default SELinux context to the start.sh script:

sudo /sbin/restorecon -v /opt/RoonServer/start.sh

If you continue to have SELinux issues, you can use the SELinux troubleshooting tools or examine the audit log (/var/log/audit/audit.log) for more details. However, in many standard Fedora Server setups, the above command might be sufficient to resolve common SELinux related startup problems for Roon Server.

Starting and Managing the Roon Server Service

Now that the systemd service file is in place, you can start, stop, and manage Roon Server using systemctl.

To start Roon Server:

sudo systemctl start roonserver

To check the status of the service:

systemctl status roonserver

This command will show you if the service is active, any recent logs, and potential error messages.

To stop Roon Server:

sudo systemctl stop roonserver

To enable Roon Server to start automatically on boot:

sudo systemctl enable roonserver

To disable automatic startup:

sudo systemctl disable roonserver

Granting the Roon User Access to Your Music Library on Fedora

For Roon Server to play your music, the roon user needs access to your music files.

Symlinks and File Permissions for Music Access

The original article uses a symlink to provide access to the music directory. As the roon user, create a symbolic link in the roon user’s home directory (/home/roon) pointing to your actual music directory.

su -l roon
ln -s /path/to/your/music myMusic
exit

Replace /path/to/your/music with the actual path to your music library. This command creates a symlink named myMusic in /home/roon that points to your music directory.

If your music is located on an NTFS partition (e.g., if you dual-boot with Windows), you might need to adjust mount options in /etc/fstab to ensure the roon user has read access. The original article mentions mounting the NTFS partition with the group ID of the roon user. This is a more advanced topic, and the specific steps depend on your file system and mount configuration. Generally, ensure that the roon user has at least read permissions to your music files and directories.

Setting up Roon and Connecting

With Roon Server running as a systemd service on your Fedora Linux server and firewall configured, you should now be able to connect to it using Roon Control apps on your phone, tablet, or computer.

Open your Roon Control app. It should automatically detect your new Roon Server on your Fedora machine. Follow the prompts in the Roon Control app to set up your music library, audio outputs, and other Roon settings. When adding music storage locations, point Roon Server to /home/roon/myMusic, which is the symlink we created to your actual music library.

Further Considerations for Fedora Linux Roon Server

This guide covers a basic and secure setup for Roon Server on Fedora Linux. Depending on your specific needs and setup complexity, you might need to consider additional aspects:

  • Plugins and Extensions: If you use Roon plugins or extensions, ensure they are compatible with Linux and consider any specific installation or configuration requirements.
  • Roon ARC: If you plan to use Roon ARC for remote access to your music library, you might need to configure port forwarding on your router in addition to the firewall rules on your Fedora server.
  • Network Attached Storage (NAS): For music stored on a NAS, ensure proper network connectivity and file sharing protocols (like SMB/CIFS or NFS) are configured and accessible by the roon user.
  • Removable Drives: If your music is on removable drives, you might need to configure udev rules or scripts to automatically mount and make them accessible to Roon Server when connected.

By following this comprehensive guide, you have successfully installed and configured Roon Server on your Fedora Linux server, prioritizing security and stability. Enjoy your high-fidelity music experience powered by Fedora and Roon!
