212 apps Self-Hosted
Kan screenshot thumbnail

Kan

What Trello fans wanted Trello to stay: Kan (kan.bn) is a minimalist, frills-free kanban board capturing the original vision before the enterprise pivots - and then adds the things 2025 actually demands. The core is exactly right: drag-and-drop cards across lists, labels and filters to find work fast, comments for discussion on cards, checklists, a detailed activity log tracking every change, and reusable board templates. Workspaces gather your team with member invites and role management, and board visibility controls decide who can view or edit each board. Migration is first-class: a built-in Trello importer brings existing boards over, so switching costs an afternoon, not a quarter. The standout differentiator is the bundled Model Context Protocol server exposing 46 tools across workspaces, boards, lists, cards, comments, checklists, labels, and members - meaning Claude Desktop, Cursor, Copilot, or any MCP client can read and manage your boards in natural language: "move everything assigned to me into Done" becomes a sentence, not a click marathon. The stack is modern TypeScript - Next.js, tRPC, Drizzle ORM over PostgreSQL, Better Auth (credentials or OAuth), Tailwind - with optional SMTP email and S3 file storage. Unlimited boards, lists, and cards; AGPL-licensed.

Deploy
Isso screenshot thumbnail

Isso

Named from the German "Ich schrei sonst" - roughly "or I'll scream" - Isso is a lightweight Python/JavaScript commenting server, a drop-in Disqus replacement for people who noticed what Disqus does to reader privacy and page load times. The design premise is printed right in the docs: comments are not Big Data. So the backend is a single SQLite file rather than a database cluster, and the entire client is one embeddable JavaScript file - 65 kB, 20 kB gzipped - that you drop into any static site, blog, or CMS. Commenters write in Markdown, need no account, and can edit or delete their own comments within a configurable window (15 minutes by default). Spam control comes from an optional moderation queue: held comments stay invisible until you activate them via an admin interface or email notification links. Migration is a first-class feature, with importers for Disqus and WordPress exports, so years of existing threads move over intact. Because everything is server-rendered from your own instance, no third party tracks your readers, and real-world switchers report smaller pages and faster loads than the Disqus embed. MIT-licensed, running since 2012.

Deploy
Calibre screenshot thumbnail

Calibre

Serious readers organize, convert, edit, and serve their e-book libraries with Calibre - the definitive open-source e-book manager. This deployment runs the full Calibre desktop application on your server, accessible from any browser, so your library lives in one authoritative place instead of scattered across devices. Its conversion engine is the best in the business, translating between every major format - EPUB, MOBI, AZW3, PDF, DOCX, and dozens more - with fine control over fonts, margins, metadata, and structure detection. Metadata management downloads covers, descriptions, series info, and identifiers from online sources, and every field is editable in bulk. Beyond cataloging, Calibre includes a full e-book editor for EPUB and AZW3 internals, a news engine that fetches newspapers and magazines from the web on schedule and converts them into e-books, book comparison tools, and device syncing that sends the right format to each connected reader. The built-in content server exposes your library over HTTP so phones, tablets, and e-readers can browse and download remotely. A deep plugin ecosystem extends everything - metadata sources, format support, store integrations. For power users, the complete CLI (calibredb, ebook-convert) enables scripted library automation. Your books, your metadata, your server - permanent and DRM-free storage under your control.

Deploy
Hastebin screenshot thumbnail

Hastebin

"Throw it on a haste and send the link" entered developer vocabulary because of Hastebin (haste-server), the minimalist open-source pastebin. Written in Node.js with three stated design goals - be really pretty, be really simple, be easy to set up - it does one job precisely: paste code, logs, stack traces, or config snippets, press save (or Ctrl+N for a new one), and get a short random-key URL to share. Syntax highlighting renders pastes readably across common languages, a raw view serves plain text for curl and scripts, and duplicate-and-edit makes iterating on a shared snippet trivial. The killer workflow is the terminal: with the haste-client utility or a one-line shell function, `cat error.log | haste` prints a shareable URL straight from stdout - the fastest route from a broken build to a colleague's eyeballs. Storage is pluggable through a simple adapter interface: filesystem by default, Redis with optional key expiration for pastes that should age out, and configurable key length, maximum paste size, and static documents. Self-hosting matters here because pastes often contain internal logs and stack traces that should never sit on a public pastebin - your instance keeps them inside your network, under your retention rules.

Deploy
PowerDNS-Admin screenshot thumbnail

PowerDNS-Admin

Raw zone files and API calls become something a whole team can operate safely once PowerDNS-Admin puts its web interface in front of a PowerDNS authoritative server. It's a Python/Flask application covering full forward and reverse zone management, with the touches that matter in daily DNS work: zone templates for stamping out consistent new domains, easy IPv6 PTR record editing (reverse zones by hand are misery), full IDN/Punycode support for internationalized domains, and DynDNS 2 protocol support so routers and scripts can update records the way they would against a commercial dynamic-DNS service. Access control is enterprise-grade: local users, LDAP against OpenLDAP or Active Directory, SAML, and OAuth via Google, GitHub, Azure, or OpenID Connect, hardened with TOTP two-factor authentication. Role-based permissions extend to zone-specific access control - hand a developer their project's zone without exposing the rest of your namespace - and activity logging records who changed which record when, the audit trail bare PowerDNS never gives you. The dashboard monitors PDNS service configuration and statistics, and its own API exposes zone and record management for automation on top of the UI. Runs against MySQL/MariaDB or PostgreSQL, talking to PowerDNS through its REST API. MIT-licensed.

Deploy
Languagetool screenshot thumbnail

Languagetool

Grammar, punctuation, and style errors a dictionary lookup can't see: LanguageTool is open-source proofreading powered by a Java rule engine covering English, German, Spanish, French, Portuguese, Dutch, and 25+ other languages. Self-hosting the HTTP server is how you get Grammarly-class checking without sending every sentence you write to a third party - a real concern when the text being proofread is confidential email, legal drafts, or unreleased documentation. Your instance exposes the standard /v2/check API, so the official ecosystem plugs straight in: browser extensions for Chrome and Firefox accept a custom server URL, and integrations exist for VS Code, LibreOffice, Obsidian, Vim, Emacs, and many editors. Notably, self-hosting restores free browser-extension checking that the hosted service moved behind a premium subscription - your server, no character limits, no paywall. Detection quality is tunable: optional n-gram datasets (multi-gigabyte language models for en, de, es, fr, nl) teach the engine word-order and confusion-pair errors like there/their and brakes/breaks, and a fastText model improves automatic language identification. Everything runs offline once models are downloaded. The core is LGPL, the API is documented with Swagger, and rules are community- maintained and constantly expanding.

Deploy
Monetr screenshot thumbnail

Monetr

After the bills are covered, how much is actually safe to spend? monetr organizes an entire budgeting application around that one question. Inspired by the defunct Simple bank, it budgets paycheck by paycheck rather than month by month. Funding schedules encode when you get paid - including multiple schedules per account and a weekend-exclusion option for deposits that land early - and every expense or savings goal is tied to one. monetr then calculates how much of each recurring obligation (rent, car payment, subscriptions, on any repeat interval) to set aside from each paycheck, so a large bill never has to come out of a single check. What remains after allocations is surfaced as Free-To-Use, and a forecasting timeline projects contributions, due dates, and leftover funds forward so low-balance periods are visible before they happen. Transactions arrive either as OFX uploads from your bank or automatically through a Plaid connection using your own API credentials, keeping balances and transactions synced without manual entry. The app is mobile-friendly and installable as a PWA on desktop or phone. Self-hosting via Docker Compose is completely free, with all source code public and your financial data on your own hardware.

Deploy
Wiki.js screenshot thumbnail

Wiki.js

Team and product documentation on a fast Vue frontend with PostgreSQL storage: Wiki.js is a Node.js wiki engine. Its distinguishing trait is per-page editor choice: authors pick Markdown with live preview, a WYSIWYG visual builder for non-technical writers, or raw HTML, page by page. Native Git synchronization commits every page change to GitHub, GitLab, Bitbucket, Azure DevOps, or any Git remote - bi-directionally, so edits made in the repository flow back into the wiki - giving documentation version-controlled backup for free. Authentication coverage is among the broadest of any self-hosted wiki: local accounts with self-registration, social login via Google, GitHub, Discord, and Slack, and enterprise SSO through LDAP/Active Directory, SAML, CAS, Auth0, Okta, Azure AD, Keycloak, and generic OAuth2/OIDC, with optional MFA. Built-in full-text search runs on PostgreSQL with zero setup, and external engines like Algolia or Solr can substitute. Page history with visual version comparison, granular group-based permissions per path, nested navigation menus, 50+ integration modules, and full localization round it out. AGPLv3-licensed with a 28k-star community.

Deploy
Element screenshot thumbnail

Element

Matrix's flagship client, built by the protocol's creators: Element brings the decentralized open standard for real-time communication to web, desktop, iOS, and Android. Paired with a Matrix homeserver, it delivers Slack-quality team messaging where you own every message, file, encryption key, and byte of metadata. End-to-end encryption is on by default, built on Olm and Megolm - the Double Ratchet algorithm family Signal popularized, extended for large-room scalability and publicly audited by NCC Group. Messages encrypt per-device with cross-signed device verification, so even a compromised server yields nothing readable. Federation is the defining capability: like email, users on different homeservers converse seamlessly, and 30+ bridges connect Matrix rooms to Slack, Discord, WhatsApp, and Telegram, so moving to sovereign infrastructure doesn't sever contact with anyone. Rooms support threads, reactions, file sharing, and voice and video calls via Element Call. The result is digital sovereignty chosen by governments and enterprises across Europe: your data sits on your server in your jurisdiction, portable to any other Matrix host because the protocol is an open standard. Apache-2.0 licensed, with no per-user fees at any scale.

Deploy
OpenHAB screenshot thumbnail

OpenHAB

Over 400 technologies and thousands of smart devices from any manufacturer, unified under one roof: openHAB is the vendor-neutral home automation platform with a pluggable binding architecture. Each binding translates a device or service into openHAB's clean abstraction: Things expose Channels, Channels link to Items, and Items feed a rules engine that runs your home. That engine meets you at your skill level: Blockly gives non-programmers drag-and-drop visual logic, JS Scripting (GraalJS with the openhab-js library) is the modern text-based standard, the classic Rules DSL remains supported, and JSR223 opens the door to Python, Ruby, and Groovy. Time- and event-based triggers, scripts, notifications, and voice control compose into automations of any complexity, and users report decade-old rule sets still running rock solid. The Main UI handles configuration, semantic modeling, and now built-in charting - no external Grafana required. Built in Java on Apache Karaf's OSGi runtime and stewarded by the non-profit openHAB Foundation, it requires no cloud to function: everything runs locally, talking directly to your devices. Optional connectors bridge to Alexa, Google Assistant, and HomeKit, with iOS, Android, and web apps for control from anywhere.

Deploy
CubeJS screenshot thumbnail

CubeJS

Between your databases and everything that consumes data - BI tools, embedded analytics, AI agents - sits Cube (formerly Cube.js), an open-source semantic layer. Metrics, dimensions, joins, and access rules are defined once as code in YAML, JavaScript, or Python, forming a governed data model that every downstream consumer shares, so "revenue" means the same thing in every dashboard. Caching is two-level: an in-memory cache absorbs bursts of identical queries, and declared pre-aggregations - rollup tables built in the warehouse or in Cube Store, Cube's distributed columnar engine, and refreshed in the background - deliver sub-second latency while cutting warehouse compute costs. The query planner routes each request to cache, rollup, or source automatically. Consumers connect through a Postgres-compatible SQL API (any tool that speaks Postgres works), plus REST, GraphQL, and a Meta API for model introspection. Row-level security and multi-tenancy are enforced in the layer itself, upstream of every client. Sources include Snowflake, BigQuery, Databricks, Postgres, MySQL, Presto, and Athena. Headless by design - bring your own UI.

Deploy
CyberChef screenshot thumbnail

CyberChef

GCHQ open-sourced its "Cyber Swiss Army Knife", and CyberChef became the web app security analysts, incident responders, and CTF players reach for when data needs decoding, decrypting, or dissecting. Its interface is four panes: paste or drag input (files up to 2GB), search a categorized library of hundreds of operations, drag them into a recipe with arguments, and read the output. Operations span Base64, hex, and XOR encoding; AES, DES, and Blowfish encryption; classical ciphers from Caesar to Railfence; hashes and checksums; compression; regex and string extraction of IPs, domains, and URLs; timestamp conversion; and parsers for IPv6, X.509 certificates, and more. Recipes chain arbitrarily - convert from a hexdump then decompress, decrypt AES pulling the IV from the cipher stream, or let the Magic operation auto-detect several layers of nested encoding. Auto Bake re-runs the recipe live as input or arguments change, Step executes one operation at a time for debugging, and flow control (forks, subsections, registers) applies different operations to different parts of the data. Recipes save to files or share as URLs encoding the full pipeline. Crucially, CyberChef is entirely client-side JavaScript - nothing uploads anywhere - and self-hosting guarantees an unmodified copy inside your own network, where malware artifacts belong.

Deploy
drawDB screenshot thumbnail

drawDB

Schema design with no account and a few clicks: drawDB is the browser-based entity-relationship diagram editor and SQL generator - an AGPL-3.0 React project with over 37,000 GitHub stars. Draw tables with columns, data types, defaults, and constraints; connect fields to create foreign-key relationships; group tables into labeled subject areas; and annotate with notes. When the design is ready, one export produces CREATE TABLE DDL - with constraints, indexes, and foreign keys - targeted at MySQL, PostgreSQL, SQLite, MariaDB, SQL Server, or Oracle. Diagrams can be database-specific, unlocking every native type plus dialect features like PostgreSQL enums and composite custom types, or generic for portability across all supported flavors. The reverse direction works too: paste existing DDL into the import dialog and drawDB renders your live schema as a navigable diagram - the fastest way to document an inherited database. Versioning and migration-script generation track schema evolution, full editor ergonomics (undo/redo, copy/paste, duplicate, themes) keep iteration fast, and diagrams export as PNG, SVG, or shareable JSON. Everything runs client-side against browser storage - no backend database connection needed - so the self-hosted Docker deployment is a featherweight static app that keeps proprietary schema designs entirely on your infrastructure.

Deploy
Mautic screenshot thumbnail

Mautic

A campaign engine wrapped around a contact database: Mautic, the largest open-source marketing automation platform, replaces HubSpot or Marketo without per-contact pricing. Contacts arrive through forms, landing pages, imports, or the REST API and flow into segments: dynamic filters that update automatically from behavior, custom profile fields, or point scores. Segments decide who qualifies; campaigns decide what happens. The drag-and-drop Campaign Builder composes multi-step workflows from actions, positive/negative decision trees, and conditions (field values, tags, device type, segment membership, point thresholds), with static or relative delays, a Jump-to-Step action for moving contacts between branches, and handoffs that push contacts into CRMs or entirely different campaigns. Messaging covers email, SMS, and web/app push out of the box, with A/B testing and a drag-and-drop email builder; dynamic website content swaps page sections per known contact. Lead scoring assigns points for clicks and visits with decay for inactivity, while stages track funnel position. Native integrations cover Salesforce, HubSpot, Zoho, and Dynamics, plus a full REST API for custom sync. It runs on PHP and MySQL with cron jobs processing campaigns and segment rebuilds - self-hosting keeps your entire contact database and behavioral history under your control.

Deploy
Grist screenshot thumbnail

Grist

A spreadsheet whose formula language is real Python - full syntax plus the standard library, alongside familiar all-caps Excel functions: Grist is an open-source relational spreadsheet. Data lives in tables with typed columns and reference links, queried in formulas through lookupRecords and lookupOne, so one document can model what would otherwise take several joined spreadsheets. Trigger formulas compute values on conditions you define (timestamps, authorship, data cleanup, smart defaults), and an AI Formula Assistant generates formulas via OpenAI, Llama, or any OpenAI-compatible endpoint. Each document is a self-contained SQLite file, readable by any SQLite tool and trivially portable between hosts, with automatic snapshots and full-history exports. Layouts combine card, table, and chart widgets into dashboards, and granular role-based access rules restrict who sees which rows and columns - a design that made Grist a foundation of France's sovereign LaSuite workspace with 20,000+ government users. The Apache-2.0 grist-core edition ships SSO via OIDC and SAML, a REST API, webhooks, and forms; formula execution can be sandboxed with gVisor so untrusted documents cannot reach the network or each other.

Deploy
Mstream screenshot thumbnail

Mstream

"The easiest music streaming server available" is mStream's own billing, and the claim holds up: a lightweight Node.js app that turns a folder of audio files into a private streaming service in minutes, no external database required. Its filesystem-based design is the clever part - the API mirrors your folder structure, so you can browse and play music immediately, before any library scan finishes, and your organization on disk is your organization in the app. It streams flac, mp3, wav, ogg, opus, aac, and m4a, which matters to the audiophile crowd: FLAC plays uncompressed, bit-perfect, with gapless playback for live albums and continuous mixes. The web player runs anywhere a browser does and packs personality - a Milkdrop-style visualizer (Butterchurn), playlist sharing via links, and drag-and-drop uploads straight through the file explorer. Native iOS and Android apps add the feature streaming subscriptions can't match: sync your collection to your phone for true offline playback of music you own. Multi-user support assigns separate directories and permissions per account. Resource usage is famously light - mStream is tested on multi-terabyte libraries and runs happily on a Raspberry Pi, so a small RepoCloud instance serves a lifetime's collection. GPL-licensed, with zero listening-habit telemetry.

Deploy
Prowlarr screenshot thumbnail

Prowlarr

Configure each indexer once, not five times: Prowlarr is the indexer hub of the *arr stack, removing the most tedious duplication in a media automation setup. Instead of configuring the same torrent trackers and Usenet indexers separately in Sonarr, Radarr, Lidarr, Readarr, and Mylar3, you add each one once in Prowlarr and it syncs them to every connected app automatically, complete with category mappings; with Full Sync enabled, adding or removing an indexer propagates everywhere, and a tracker URL change is a one-place fix. Coverage is the deepest available: 500+ torrent trackers with definitions added constantly, 24 native Usenet indexers, generic Newznab and Torznab support for anything else, and custom Cardigann YML definitions with JSON and XML parsing for obscure sources. Built on the same .NET/React base as its siblings, it also earns a place as a search tool in its own right: unified manual search queries every indexer simultaneously at a category level, and you can push multiple releases straight to your download clients without touching Sonarr or Radarr. Health checks and status notifications flag failing indexers, per-indexer statistics track success rates and response times so you can cull unreliable sources, and per-indexer proxy support (SOCKS4/5, HTTP, FlareSolverr) handles trackers behind Cloudflare.

Deploy
Kimai screenshot thumbnail

Kimai

From a freelancer logging billable hours to companies with hundreds of users, Kimai scales professional-grade open-source time tracking - a Symfony/PHP application without the per-seat pricing of Harvest or Toggl. Tracking is flexible by design: run multiple concurrent timers, use punch-in/punch-out mode, or enter times manually, organized by customer, project, and activity with tags, and priced by user-, customer-, or project-specific rates. The billing pipeline is where Kimai earns "professional grade": generate invoices directly from timesheet data with configurable templates (DOCX, ODS, XLSX, PDF), entry grouping, and invoice-number generators, while an export flag locks billed records against editing and excludes them from future invoices - the audit-safety detail spreadsheet workflows never get right. E-invoicing supports EN 16931, XRechnung 3.0, and Zugferd/Factur-X. Enterprise controls come standard: SAML and LDAP login against Google Workspace, Azure AD, or Authentik, TOTP two-factor auth, customizable role permissions, and teams that scope customers and projects to departments. Money and time budgets alert before overruns, advanced reporting slices recorded time by any dimension, and an extensive JSON API plus a plugin marketplace (expenses, approvals, and more) integrate it with existing infrastructure. Over 30 translations, multi-timezone, AGPL-licensed.

Deploy