Coral
Comment sections at the Washington Post, the Wall Street Journal, and newsrooms across 30 countries run on Coral (also known as Talk) - the platform built by journalists' technologists, started under the Mozilla Foundation and now stewarded by Vox Media as an Apache-2.0 project serving 23 languages. Its founding premise is that online comments are broken and moderation is the fix. Moderators get a full queue system - reported comments, system-held pending comments, and configurable pre-moderation - backed by AI toxicity scoring that warns commenters before posting and holds high-scoring comments for review, Akismet spam detection, banned and suspect word lists, and automatic repeat-offender handling that pre-moderates users whose rejection rate crosses a threshold. Readers get features designed for healthier conversation: journalist badges in threads, muting of annoying voices, notifications, instant new-comment alerts, and timeouts rather than just bans. For publishers the economics are the point - no ads, no trackers, no hidden pixels anywhere in the code, full ownership of audience data, and GDPR compliance beyond requirements. Integration is one embedded script; SSO connects existing registration, and a GraphQL API supports customization and extension.
Authorizer
Your users belong in your own database - Authorizer, an open-source authentication and authorization server shipping as a single Go binary, keeps them there. It connects to 13+ backends - PostgreSQL, MySQL, SQLite, SQL Server, MariaDB, MongoDB, Cassandra, ScyllaDB, ArangoDB, DynamoDB, Couchbase, YugabyteDB, PlanetScale, and CockroachDB - so identity data lives beside the application it protects instead of in an auth vendor's cloud. The server is fully OAuth 2.0 and OpenID Connect compliant, including authorization code flow with PKCE, a JWKS endpoint, token revocation, and nine JWT signing algorithms. Login options cover email/password, magic links, TOTP multi-factor, SMS OTP via Twilio, and social providers including Google, GitHub, Apple, Microsoft, and Discord. Authorization goes beyond roles: an embedded OpenFGA engine provides Zanzibar-style relationship-based permission checks in process. APIs are exposed over GraphQL, REST, and gRPC, with SDKs for JavaScript, React, Go, and Python, plus themeable built-in login pages and an admin dashboard. Apache 2.0 licensed.
PsiTransfer
Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.
Lingva Translate
What Nitter was to Twitter and Invidious is to YouTube, Lingva Translate is to Google Translate: a privacy front-end delivering the service's full capability while cutting Google out of the loop between you and your text. Built on Next.js with TypeScript and Chakra UI, it uses the purpose-built Lingva Scraper to fetch translations from Google Translate without your browser ever touching a Google-related service - no cookies, no tracking, no account, while retaining what makes Google Translate hard to give up: 100+ languages with the translation quality of Google's production models, unlike offline engines that trade privacy for accuracy. The clean interface covers automatic source-language detection, text-to-speech audio playback for pronunciations, definitions and examples, and light/dark themes. For developers, every instance doubles as a translation API: a RESTful endpoint at /api/v1/:source/:target/:query returns JSON translations, an audio endpoint serves TTS buffers, and a full GraphQL API at /api/graphql exposes translations, audio, and language lists for richer integrations - all unmetered on your own instance. Deployment is a single stateless container with one environment variable for the site domain; defaults for theme and language pair are configurable. GPL-licensed, and popular as the translation backend for privacy-respecting apps.
Dialoqbase
Retrieval-augmented chatbots on your own knowledge base - that is the whole mission of Dialoqbase, an open-source bot-building platform. Feed it content through a broad set of data loaders - web pages and full crawls, sitemaps, PDFs, DOCX, CSV, plain text, GitHub repositories, YouTube videos, and MP3/MP4 audio - and it handles the whole RAG pipeline in one self-contained app: chunking, embedding, vector storage, and LLM querying. The distinguishing architecture choice is PostgreSQL with pgvector for embedding storage and similarity search, which removes the separate vector-database dependency, and Redis-backed Bull queues for ingesting large documents without blocking the API. Model choice is wide open: OpenAI, Anthropic Claude, Google Gemini, Cohere, Fireworks, Hugging Face, local models via Ollama, and any OpenAI-compatible endpoint, with an equally broad list of embedding providers. Finished bots embed on any website with customizable styling or deploy to Telegram, Discord, and WhatsApp, and an API creates and manages bots programmatically. Multi-user support adds registration limits and per-user bot quotas. MIT-licensed and free for commercial use.
BeaverHabits
No targets, no gamification spiral, no motivational nagging: Beaver Habit Tracker is a self-hosted habit tracker deliberately built without "Goals". The core loop is honest: add habits, check them off each day, watch streaks accumulate on a calendar view. Its design follows behavioral-science basics - make it obvious (visual streak cues), make it attractive (progress is the motivator), make it satisfying (tracking becomes its own reward). Beyond the daily checklist it supports per-day notes intelligently grouped per habit, periodic habits, habit categories and tags, drag-to-reorder (manual or automatic), dark mode, and detailed streak and frequency views. Data lives where you choose: a single SQLite database or flat JSON files on a mounted volume, with JSON export and import for full portability. A REST API opens automation - community integrations already cover Stream Deck buttons, Home Assistant triggers, and CalDAV. The Python app ships as one Docker container with no external dependencies; environment variables tune everything from first day of week and index-page columns to iOS standalone PWA mode, and single-user setups can bypass the login entirely with TRUSTED_LOCAL_EMAIL. BSD-3-Clause licensed with no commercial restrictions - a well-executed single-purpose tool whose mobile PWA works anywhere a browser does.
Aptabase
Web analytics tools ignore native mobile, desktop, and game apps; Aptabase was built for exactly those. If Firebase Analytics would force a privacy-policy footnote you don't want to write, this is the alternative - session-based metrics with no cookies, no IDFA or GAID, no device fingerprinting, and a daily-rotated salt that makes cross-day re-identification mathematically impossible. That design means GDPR, CCPA, and PECR compliance out of the box and "Data Not Collected" App Store privacy labels without ATT prompts. The SDK coverage is the widest in its category: eleven first-party libraries spanning Swift, Kotlin, Flutter, React Native, Tauri, Electron, .NET MAUI, NativeScript, Unity, Unreal Engine, and JavaScript for web - each MIT-licensed, following platform conventions, and accepting a custom host parameter that points at your instance. Integration is minutes: initialize with an app key, call trackEvent with optional properties, and the dashboard shows sessions, events, app versions, OS breakdowns, and country-level geography. The self-hosted stack is a .NET server over PostgreSQL for metadata and ClickHouse for high-volume event ingestion, giving cloud-parity features under an AGPL license. For indie iOS/Android apps, Electron and Tauri tools, and Unity or Unreal games, it replaces Firebase without the Google entanglement.
Chatpad
Why should your chat history live on someone else's servers? Chatpad AI - a React/TypeScript front end for the OpenAI API, built on the Mantine component library - is designed around that question. Enter your own OpenAI API key and start chatting with GPT models; every conversation, prompt, and setting is stored locally in your browser via DexieJS over IndexedDB, with no tracking, no cookies, and no backend database at all. That architecture is the point - the Docker image is just Nginx serving static files, making it one of the lightest AI deployments in the catalog, and pay-per-token API pricing typically undercuts a ChatGPT Plus subscription for moderate use. The interface earns its "premium quality" tagline with the details: a persona selector that switches communication styles per conversation, a saved-prompts library for messages you reuse constantly, organized chat history, and full data export/import so conversations move between browsers or into backups as files you control. A JSON config file customizes defaults - models, API endpoints, UI options - without rebuilding the image. AGPL-licensed, with desktop builds available upstream. For teams that want ChatGPT's utility with a self-hosted, zero-telemetry footprint, Chatpad is the minimal, sane answer.
ExpenseOwl
Log a date, amount, and category; get a clean monthly pie chart and a cashflow strip showing income, expenses, and net balance - ExpenseOwl is expense tracking stripped to what actually matters. The MIT-licensed Go application deliberately is not a budgeting system - no envelopes, no accounts, no double-entry, no bank sync - because its author found tools like Firefly III and Actual too heavy for the simple question "where did this month's money go?" The dashboard makes that question fast: click a pie slice to exclude fixed costs like rent and see discretionary spending clearly, then drill into a chronological table view to inspect or delete individual transactions. Recurring transactions handle salaries and subscriptions automatically, optional tags add a second classification axis, and settings cover custom categories, currency symbol, and a configurable month start date for non-calendar pay cycles. CSV import migrates data from virtually any other tool, and CSV export keeps your data portable. It ships as a self-contained binary and multi-architecture Docker image with zero internet interaction, stores data in flat JSON files by default (PostgreSQL optional), and installs as a PWA on phones. Single-user by design; pair it with an authenticating reverse proxy if exposed publicly.
Fireshare
The moment after ShadowPlay saves a great clip is what Fireshare was built for: your friends see it now, not after a YouTube upload, processing queue, and platform terms review. Drop videos into a watched folder and this Flask/React application generates a unique shareable URL for each one, complete with Open Graph metadata - so pasting the link into Discord, Twitter, or Slack produces a proper embed with title, description, and video thumbnail instead of a raw URL. Viewers need no account and no app. Visibility is per-file: public (browseable on your feed), private (unlisted, reachable only by direct link), or password protected. For game clips specifically, Fireshare organizes automatically - clips sort by game with cover art pulled from SteamGridDB, no manual tagging - while tags and full-library search cover everything else. Optional transcoding (CPU or GPU) creates lower-quality renditions so viewers on weak connections get automatic quality adaptation, and video cropping trims clips in place. The extras round out a genuinely finished tool: view counters, timestamped share links, a shuffle button, restrictable uploads, Discord notifications for new videos, an RSS feed of the public feed, mobile support, and LDAP for multi-user setups. No storage limits, no watermarks, no platform deciding what stays up. GPL-licensed.
Nzbget
Written in optimized C++ where competitors use Python or Java, NZBGet saturates fast connections while idling on CPU and RAM - which is why the performance-obsessed Usenet downloader has long been the client of choice for NAS boxes, Raspberry Pis, and routers as much as full servers. The engineering shows in the recovery pipeline. Instead of shelling out to par2cmdline, NZBGet integrates the par2 source directly and exploits its knowledge of exactly which articles failed - quick par-verification checks only what needs checking, and its own multicore repair implementation runs 2-3x faster than the external tool on the same hardware. Fast par-rename deobfuscates scrambled filenames in seconds without a full verification pass, and rar-rename recovers names for multivolume archives even when no par2 files exist. DirectWrite assembles articles straight into sparse destination files, skipping temporary-file churn entirely, with an article cache and queue-pausing options to eliminate disk contention. Automation is complete: a remote web interface, full JSON-RPC API, RSS feeds with duplicate detection, scheduling and prioritization, and an extension manager for Python and Bash scripts triggered by download events. Sonarr, Radarr, and every major indexer integrate natively.
ChatChat
One clean interface in front of Anthropic, OpenAI, Google Gemini, Cohere, and more: Chat Chat is a Next.js front door to the major AI providers, ending the juggling of separate subscriptions, tabs, and UIs per model. Bring your own API keys, pick a provider and model per conversation, and switch between them as the task demands: Claude for long-form reasoning, GPT for code, Gemini for multimodal work - the interface stays identical. Beyond configured presets, custom providers plug in with their own API endpoints and keys, which covers OpenAI-compatible gateways and local inference servers. The design splits into two dedicated modes: a chat interface for conversational work with customizable system prompts, and a search interface that pairs AI processing with query handling for research-style questions. The stack is modern and hackable - Next.js 14, Tailwind CSS, shadcn/ui on Radix primitives, Jotai for state - with full internationalization including English, Chinese, and Japanese. Self-hosting means your conversation history and API keys live on your instance rather than a third-party wrapper service, and pay-per-token API pricing typically beats stacking multiple monthly chat subscriptions. AGPL-licensed and deliberately simple to deploy: one container, environment variables for keys, done.
Apprise-API
One REST call, 130+ notification services: Apprise API wraps the well-known Apprise library in a lightweight Django/Gunicorn microservice, so "send an alert" works the same whether it goes to Slack, Discord, Telegram, Teams, email, SMS, Pushover, or PagerDuty - each addressed by a simple URL scheme. It solves the credential-sprawl problem cleanly: instead of embedding provider tokens in every app, cron job, and CI pipeline, you centralize them here and everything else just POSTs a body and title. Two modes cover every workflow. Stateless calls to /notify carry target URLs in the payload (or fall back to a default set via APPRISE_STATELESS_URLS); stateful mode stores named configurations server-side under keys, so /notify/{KEY} fans out to everything registered - with tag-based routing (comma for OR, space for AND) selecting which endpoints fire per message. Messages take info, success, warning, or failure types in text, Markdown, or HTML, with attachments up to a configurable size. A built-in web UI manages and tests configurations, APPRISE_CONFIG_LOCK makes the store read-only, service allow/deny lists restrict which schemes work, webhook remapping adapts third-party payloads, and a Prometheus /metrics endpoint watches the gateway itself.
Muse
"A highly-opinionated midwestern self-hosted Discord music bot that doesn't suck," per its own README - Muse is built for servers the size of you, your friends, and your friends' friends. It exists because the big public music bots kept getting shut down or paywalled, and self-hosting yours means nobody can take it away. Written in TypeScript on discord.js, it joins voice channels and plays audio resolved from YouTube via yt-dlp, and given optional Spotify API credentials it auto-converts Spotify tracks, albums, artists, and entire playlists to playable equivalents. The playback details show real care: seeking within songs and videos, livestream support, local caching so repeated plays start instantly, volume normalization across tracks, and configurable volume controls including optional ducking that lowers music when people speak. SponsorBlock integration can skip non-music segments automatically. Users save favorite queries as reusable shortcuts, and one Muse instance serves multiple guilds simultaneously - one deployment for all your communities. Configuration is three environment variables (Discord token, YouTube API key, optional Spotify pair) and the personality is free: there is no vote-to-skip, because "this is anarchy, not a democracy," and the bot remains a loyal Green Bay Packers fan. MIT-licensed and easily extendable.
Keeper
Work, personal, business, and school calendars at different providers double-book because no one system sees your real availability - Keeper solves that multi-calendar collision problem. Its pull-compare-push sync engine aggregates events from Google Calendar, Outlook/Office 365, iCloud, FastMail, any CalDAV server, or read-only iCal/ICS feeds, and pushes blocking events to one or many destination calendars so time slots align everywhere. The design is deliberately content-agnostic - it syncs timeslots, not titles or descriptions, so a personal appointment shows as busy time on your work calendar without leaking details. Sync logic is clean: events Keeper creates carry a traceable UID suffix, deletions propagate, and orphaned entries are purged automatically. A token-authenticated aggregated iCal feed combines selected calendars into one subscribable URL for Apple Calendar or Thunderbird. An optional MCP server gives AI agents read-only calendar access over OAuth 2.1 - list calendars and query events by date range, with no write capability. Built with Next.js and Bun under AGPL-3.0, the standalone Docker image bundles web, API, cron, worker, Redis, and PostgreSQL in one container, and self-hosting unlocks every Pro feature - unlimited calendars and one-minute sync intervals - for free.
Faved
Large link collections stay fast and organized in Faved, a private, self-hosted bookmark manager built for exactly that job. Its core is a nested tagging system that outgrows flat folders: place Go and Python under Programming Languages, color-code tags, add descriptions, pin frequent ones to the top of the sidebar, and optionally roll up child-tag items into parent views. Saving is frictionless - a lightweight bookmarklet works in any desktop or mobile browser without extensions, and Apple devices can send links through the native Share menu. Faved fetches titles, descriptions, and preview images automatically, keeps that metadata fresh over time, and flags duplicates as you save. Instant as-you-type search, flexible sorting, and bulk actions (retag, delete, refetch) keep collections of any size manageable, while customizable layouts - card, list, or table - plus a system-synced dark mode adapt the interface to your workflow. Migration is first-class: import from Chrome, Safari, Firefox, or Edge with folder structure preserved, or move from Pocket and Raindrop.io keeping tags and collections. The stack is deliberately light - PHP 8 with SQLite behind a React/Tailwind frontend - deploying via Docker with no external dependencies. All data stays local: no ads, no tracking, and no risk of your library vanishing with a discontinued service.
Journiv
A Day One alternative that keeps your most personal writing on your own server: Journiv is journaling purpose-built for self-hosters. The FastAPI backend runs on SQLite by default with optional PostgreSQL, Redis, and Celery for background work, behind a clean, minimal web UI. Unlike general note-taking apps, it ships the features journaling actually needs: customizable moods and mood groups, activity tracking, goals with automated progress from logged activities, and daily writing prompts filterable by category and difficulty so a blank page never stalls you. Quick Log captures a moment in seconds and expands into a full entry later; "On This Day" resurfaces entries from past weeks, months, and years. Multiple journals separate work, gratitude, and personal writing, with tags and full-text search across everything, plus media uploads with automatic thumbnails and an Immich integration for linking photo-library memories. Analytics chart mood trends and writing patterns over time. Data portability is taken seriously: native import of Day One exports, JSON/Markdown/HTML export, and a standalone HTML viewer that opens your archive in any browser with no server running. OIDC single sign-on works with Authentik or Keycloak, and multi-arch images cover amd64 and arm64.
Swetrix
Traffic analytics, real-user performance monitoring, and client-side error tracking - normally three tools - in one cookieless, privacy-first dashboard: Swetrix. The Community Edition ships the same core engine as the cloud product - a NestJS API with ClickHouse for high-volume event storage, MySQL for relational data, and Redis for caching, fronted by a React dashboard and a ~5 KB tracking script with official packages for 20+ frameworks including Next.js, WordPress, and Shopify. Traffic analytics cover pageviews, referrers, UTM campaigns, geolocation, sessions with page flows, funnels, and custom events - all anonymized server-side with no cookies, no cross-device tracking, and no consent banner required for GDPR compliance. Performance monitoring records real-user metrics per pageview: TTFB, DNS and TLS timing, and render times, so regressions surface in the same place as traffic. Error tracking captures unhandled JavaScript exceptions automatically with formatted stack traces, filename/line metadata, affected browsers and pages, first/last-seen timestamps, and a resolve workflow - replacing a separate error monitoring subscription for many teams. Alerts fire to email, Slack, Telegram, Discord, or webhooks on traffic spikes, new errors, and custom events. If Plausible covers your traffic questions but you also want to know why the site broke, Swetrix answers both.