Self-hosted music streaming, honestly reviewed. No marketing fluff, just what you actually get when you run it yourself.

TL;DR

What it is: Open-source (AGPL-3.0) self-hosted music player for your local audio files — a browser-based streaming server you point at your own music folder [README].
Who it’s for: People who own a music collection and want a Spotify-quality playback experience without paying Spotify. Primarily home users and self-hosters who already have audio files on a NAS or home server [1].
Cost savings: Spotify costs $11.99/mo ($144/year). Plex with Plex Pass costs $120/year. SwingMusic is free software running on whatever server you already have. If you own your music, your streaming bill drops to $0 [README].
Key strength: The UI. Multiple reviewers specifically call it out — it genuinely looks good for a project at 1,780 GitHub stars. The folder-browser approach is a meaningful differentiator for people whose music libraries are organized by directory rather than perfect metadata [1].
Key weakness: Thin third-party coverage and a discovered path traversal vulnerability (CVE-2026-23877) fixed only in v2.1.4. The project is young, and it shows [1][3].

What is SwingMusic

SwingMusic is a self-hosted music streaming server you run on your own machine, NAS, or VPS. You point it at a folder containing your local audio files, and it serves a browser-based interface for browsing, searching, and playing your library — from any device on your network, or remotely.

The GitHub README describes it as “a beautiful, self-hosted music player for your local audio files. Like a cooler Spotify… but bring your own music.” That pitch is accurate. It’s not a streaming service — there’s no catalog of content. You provide the files, it provides the interface.

The project is written in Python, ships pre-compiled binaries for Linux and Windows (MacOS listed as coming soon), and has full Docker support. There’s also an Android client for mobile playback. The app starts on port 1970 by default and runs entirely in your browser — no Electron, no bundled GUI, no memory overhead beyond the server process itself [README].

As of this review: 1,780 GitHub stars, AGPL-3.0 license, active development (currently at v2.1.0 in the README, with v2.1.4 released as a security patch) [README][3]. The project has a subreddit (r/SwingMusicApp) and a Telegram community group for contributors.

Why people choose it

The self-hosted music player category is crowded: Navidrome, Jellyfin, Plex, Funkwhale, Gonic, mStream, and a dozen more. SwingMusic’s case rests on two things.

First, the UI genuinely stands out. LinuxLinks’ review [1] — one of the few substantive third-party write-ups available — leads with the interface: “The user interface looks very good.” For a category where tools like Navidrome ship functional-but-spartan UIs and Jellyfin prioritizes video-first UX, a music player that looks polished is notable. The project homepage shows artist pages that recall Spotify’s visual language — album art front and center, related artists, clean typography [homepage].

Second, the folder browser. This sounds minor and isn’t. Most music players force you into tag-based browsing: artist → album → track. That works beautifully when your metadata is pristine, and falls apart when it isn’t. SwingMusic’s folder view lets you navigate your library exactly the way your filesystem is organized [1][README]. The LinuxLinks reviewer calls this out as a genuine differentiator: “By taking the music by folders approach, Swing Music completely avoids these sorts of issues [with metadata and multi-artist albums]. This approach makes sense for lots of music collections, and helps the software stand out from the crowd.” [1]

What people are not choosing it for: transcoding pipelines, Subsonic API compatibility (use Gonic or Navidrome for that), or podcast support. SwingMusic is focused on local music playback and doesn’t try to be a universal media server.

Features

Based on the README and homepage:

Playback and library:

Browser-based UI, no Electron or desktop app required [README]
Folder view — browse by directory rather than forced tag-based navigation [README][1]
Silence detection with crossfade for seamless transitions between tracks [README]
Fuzzy search — handles typos and misspellings [homepage]
Duplicate track detection — hides duplicates and prefers the highest bitrate version [homepage]
Gapless playback: not available at initial release per [1], but silence detection + crossfade is a functional workaround for most cases

Metadata and discovery:

Metadata normalization for a consistent library view [README]
Album versioning — infers Deluxe, Remaster, Live, etc. from album titles and groups accordingly [README][homepage]
Related artists and related albums [README][homepage]
Collections — group albums and artists by custom preferences [README]

Personalization and intelligence:

Daily Mixes — curated based on your listening history [README]
Listening statistics [README]
Lyrics view [README]
Last.fm scrobbling [README]
Playlist management [README]

Platform and clients:

Cross-platform server: Windows and Linux binaries; MacOS arm64 and x86 supported; Docker and Docker Compose [README]
Android mobile client (separate repo: github.com/swingmx/android) [README]
Multi-user support with separate accounts [README]
Version history [merged profile]

Notable missing features (as of this review):

No Subsonic API compatibility — can’t use with existing Subsonic clients like DSub or Symfonium
No iOS client
No transcoding for format conversion on-the-fly
MacOS binary listed as “coming soon” [README]

Pricing: SaaS vs self-hosted math

SwingMusic has no SaaS tier. It’s self-hosted-only software. The pricing question is: what does it replace, and what does running it cost?

What it replaces:

Spotify Premium: $11.99/mo ($143.88/year) — but only if your music collection overlaps with Spotify’s catalog, which it often doesn’t for niche genres, local artists, DJ mixes, or purchased music
Apple Music: $10.99/mo — same caveat
Plex (with Plex Pass for offline sync and mobile): $120/year, or $250 lifetime; Plex’s free tier has significant limitations for audio

Cost to run SwingMusic:

Software: $0 (AGPL-3.0)
If running on existing hardware (NAS, home server, old PC): $0 incremental cost beyond electricity
If you need a VPS: $4–6/mo on Hetzner or Contabo for a low-traffic personal instance
Domain + reverse proxy (optional, for remote access): $1–2/mo

Realistic math for a music collector: If you have 10,000+ local tracks — purchased music, ripped CDs, Bandcamp downloads — Spotify doesn’t replace your library. You’d need Spotify + something else. SwingMusic self-hosted on existing home hardware costs you one afternoon of setup. Against $143.88/year for Spotify that won’t play half your collection, the math is obvious.

Data on SwingMusic’s own pricing, paid tiers, or enterprise plans: none — the project is entirely community-funded via GitHub Sponsors.

Deployment reality check

Install path — binary: Download the Linux binary, chmod a+x ./swingmusic, run it. The app starts at http://localhost:1970. First launch prompts you to scan folders [1][README]. The LinuxLinks reviewer ran the Linux binary without issues [1].

Install path — Docker:

services:
  swingmusic:
    image: ghcr.io/swingmx/swingmusic:latest
    container_name: swingmusic
    volumes:
      - /path/to/music:/music
      - /path/to/config:/config
    ports:
      - "1970:1970"
    restart: unless-stopped

Straightforward. One caveat: the Docker path requires specifying /music as the root directory explicitly; the “Home Directory” option doesn’t work in containers [README].

FFmpeg dependency: The silence skip feature requires FFmpeg installed separately. On Linux: sudo apt-get install ffmpeg libev-dev libavcodec-extra -y. Not bundled, but a standard package on every Linux distro [README].

Default credentials: The default admin password is “admin”. Change it immediately after first login. This is documented in the README but it’s the kind of thing that doesn’t get done — and given the path traversal CVE below, it matters [README][3].

Security — CVE-2026-23877 (critical to know): A path traversal vulnerability was discovered in the /folder/dir-browser endpoint’s list_folders() function. Any authenticated user (not just admin) could browse arbitrary directories on the server filesystem by manipulating the directory path parameter with /../ sequences [3]. CVSS 4.0 score: 5.3 (medium). Fixed in v2.1.4. If you’re running any version before 2.1.4, upgrade now. If you’re exposing SwingMusic to the internet with multiple user accounts, this is a serious issue — non-admin users could read config files, credentials, or anything else on the server [3].

For remote access: The binary runs HTTP only. For external access, you need a reverse proxy (Caddy or nginx) with TLS. Not bundled, but standard setup for any self-hosted service.

Realistic time for a technical user: 20–45 minutes for a working local instance. For a non-technical person unfamiliar with Linux: 2–4 hours including reverse proxy for remote access, or an afternoon with a guide.

Pros and cons

Pros

Genuinely good UI. For a project this size, the interface is polished. Reviewers specifically note it [1]. This matters if you’re going to stare at it for hours.
Folder browsing. A real differentiator for music collections with mixed or incomplete metadata. You’re not at the mercy of your ID3 tags [1][README].
Zero ongoing cost for people running home servers. $0/month vs $10–12/month for streaming services, forever [README].
Simple deployment. Single binary or one Docker Compose file. No database to set up separately [README].
Android client included for mobile playback on your local network [README].
Active development. Daily Mixes, statistics, album versioning, silence detection — these aren’t features you find in half-finished projects [README].
No Electron. Browser-based UI means no separate memory-heavy desktop app [homepage].
Multi-user support built in [README].

Cons

CVE-2026-23877 — path traversal. Fixed in v2.1.4, but the fact that any authenticated non-admin user could browse the entire server filesystem is a meaningful security signal about the project’s security review maturity [3]. Upgrade and don’t expose to untrusted users.
AGPL-3.0 license, not MIT. The README describes it as MIT; LinuxLinks [1] lists it as MIT. The merged profile says AGPL-3.0. This discrepancy itself is a flag. AGPL requires that derivative works also be open-sourced — matters if you’re embedding this in a product.
Young project with documented bugs. LinuxLinks [1] noted “there are lots of bugs present” during their testing period. The project has matured since, but third-party review coverage is thin — only one substantive review found [1].
No Subsonic API. Can’t use existing Subsonic-compatible mobile clients (DSub, Ultrasonic, Symfonium). You’re locked into the official Android app or the browser [README].
No iOS client. iPhone users are browser-only [README].
MacOS binary not yet released. Listed as “coming soon” [README]. Mac users can Docker, but the native binary isn’t there.
No gapless playback was flagged as missing at initial release [1]. Silence detection + crossfade partially addresses this, but it’s not true gapless.
No transcoding. If you have FLAC files and a device that can only play MP3, you’re on your own [README].
Thin community compared to Navidrome or Jellyfin. 1,780 stars, a subreddit, and a Telegram group. If you hit a bug, self-troubleshooting is the primary support path.

Who should use this / who shouldn’t

Use SwingMusic if:

You have a collection of local audio files (purchased music, ripped CDs, Bandcamp downloads, DJ sets) and want to stream them with a clean interface.
You run a home server or NAS and want to add a music player without complexity.
Metadata quality in your library is inconsistent — folder browsing is your sanity.
You want to stop paying for a streaming service and already own the music.
You’re comfortable with Docker or running a binary on Linux.

Skip it (use Navidrome) if:

You want Subsonic API compatibility and a large choice of mobile clients. Navidrome is more mature, has more community documentation, and is specifically designed for Subsonic protocol support.
Your music collection is massive (100K+ tracks) — Navidrome’s scanning and performance at scale is better documented.

Skip it (use Jellyfin) if:

You want a single server for both music and video. Jellyfin handles both, has an iOS app, and has a far larger community.

Skip it (use Plex) if:

You want managed iOS app support, offline sync for travel, and don’t mind a $120/year Plex Pass fee. Plex is significantly more polished for non-technical users.

Skip it entirely if:

You don’t have local audio files. SwingMusic doesn’t fetch or stream anything from the internet — it only serves what you give it.
You want to expose this to untrusted users. The recent CVE history suggests the security posture isn’t hardened for public-facing multi-tenant use yet.
You need an iOS app in the next six months [README].

Alternatives worth considering

Navidrome — the most recommended self-hosted music server right now. Subsonic API compatible, works with every major mobile client, lightweight, Go binary. Less visually impressive than SwingMusic but far more mature.
Jellyfin — full media server. Handles music, video, photos, and live TV. Overkill if you only want music, but logical if you want one self-hosted platform for everything.
Plex — closed source, requires Plex Pass for full features, but has the best non-technical onboarding and native iOS/Android apps. $120/year vs $0 for SwingMusic.
Gonic — Subsonic API server written in Go. Extremely lightweight, suitable for Raspberry Pi, no web UI worth mentioning. Pure API layer for Subsonic clients.
Funkwhale — federated music server inspired by SoundCloud. Designed for sharing music with a community, not just personal listening. ActivityPub federation. More complex to operate.
mStream — simple personal music streaming server, cross-platform, playlist sharing, file upload via browser [2].
Beets — not a player, but a music library management tool. Often paired with Navidrome: Beets normalizes your metadata, Navidrome serves it.

For someone who just wants the cleanest interface and already owns their music: SwingMusic vs Navidrome is the real decision. SwingMusic wins on UI and folder browsing. Navidrome wins on ecosystem maturity, Subsonic compatibility, and mobile client choice.

Bottom line

SwingMusic is a genuinely impressive UI for a project at 1,780 stars. If you have local music files and want to stream them with an interface that doesn’t look like it was designed in 2012, it’s worth your afternoon. The folder browsing approach is a real differentiator for anyone whose music collection lives in directories rather than perfect metadata. The silence detection and daily mixes are features you wouldn’t expect at this scale.

The caveats are real: a path traversal CVE was found and fixed only recently, the project is young enough that bug density is higher than mature alternatives, there’s no iOS app, and no Subsonic API support means you can’t use the broader ecosystem of Subsonic mobile clients. The license discrepancy (README says MIT, profile says AGPL-3.0) should be resolved before you build anything on top of it.

For the target audience — someone with a music collection who wants to stop paying Spotify for music they already own — SwingMusic earns a cautious recommendation with the explicit instruction to run v2.1.4 or later and change the default admin password before doing anything else.

If the setup is the blocker, that’s exactly what upready.dev deploys for clients.

Sources

LinuxLinks — “Swing Music is a Web-Based Self-hosted Music Player written in Python”. https://www.linuxlinks.com/swing-music-web-based-self-hosted-music-player/
Medevel — “35 Open-source Free Music and Audio Streaming Servers (Self-hosted)”. https://medevel.com/music-and-audio-streaming/
OffSeq Threat Radar — “CVE-2026-23877: CWE-25: Path Traversal: ’/../filedir’ in swingmx swingmusic”. https://radar.offseq.com/threat/cve-2026-23877-cwe-25-path-traversal-filedir-in-sw-f0672a80

Primary sources:

GitHub repository and README: https://github.com/swingmx/swingmusic (1,780 stars, AGPL-3.0)
Official website: https://swingmx.com
Android client: https://github.com/swingmx/android

Features

Authentication & Access

Multi-User Support

Collaboration

Version History

Mobile & Desktop

Mobile App

Replaces

Related Media & Streaming Tools

View all 334 →

Immich

95K

High-performance self-hosted photo and video management — automatic backup, ML-powered search, and a Google Photos-like experience on your own server.

media AGPL-3.0

Jellyfin

49K

The volunteer-built media solution that puts you in control of your media. Stream movies, shows, music, and photos to any device from your own server.

media GPL-2.0