243 applications
Matomo screenshot thumbnail

Matomo

Several EU data protection authorities have ruled Google Analytics deployments unlawful; Matomo (formerly Piwik) is the most complete open-source replacement - a full analytics platform with 30+ report types across visitors, actions, referrers, goals, and ecommerce. The self-hosted PHP/MySQL edition is free and keeps every byte of visitor data on your infrastructure, which matters more each year: several EU data protection authorities have ruled Google Analytics deployments unlawful, while Matomo configured for cookieless tracking is approved by France's CNIL for use without a consent banner. All reporting runs on 100% unsampled data - no extrapolation at high traffic volumes. The GDPR Manager handles data subject requests and deletion, with IP anonymization, retention controls, and Do Not Track support built in. A dedicated importer pulls your historical Google Analytics data so years of trends survive the migration. Core analytics cover campaigns, custom variables and dimensions, entry/exit pages, downloads, site search, and full ecommerce tracking with a comprehensive HTTP API for reporting and ingestion. Premium plugins extend the platform into Hotjar-class behavioral tooling - click and scroll heatmaps, session recordings, conversion funnels, form analytics, A/B testing - plus a tag manager and SAML SSO. For teams that need GA-equivalent depth with actual data ownership, Matomo is the realistic drop-in replacement.

Deploy
CyberChef screenshot thumbnail

CyberChef

GCHQ open-sourced its "Cyber Swiss Army Knife", and CyberChef became the web app security analysts, incident responders, and CTF players reach for when data needs decoding, decrypting, or dissecting. Its interface is four panes: paste or drag input (files up to 2GB), search a categorized library of hundreds of operations, drag them into a recipe with arguments, and read the output. Operations span Base64, hex, and XOR encoding; AES, DES, and Blowfish encryption; classical ciphers from Caesar to Railfence; hashes and checksums; compression; regex and string extraction of IPs, domains, and URLs; timestamp conversion; and parsers for IPv6, X.509 certificates, and more. Recipes chain arbitrarily - convert from a hexdump then decompress, decrypt AES pulling the IV from the cipher stream, or let the Magic operation auto-detect several layers of nested encoding. Auto Bake re-runs the recipe live as input or arguments change, Step executes one operation at a time for debugging, and flow control (forks, subsections, registers) applies different operations to different parts of the data. Recipes save to files or share as URLs encoding the full pipeline. Crucially, CyberChef is entirely client-side JavaScript - nothing uploads anywhere - and self-hosting guarantees an unmodified copy inside your own network, where malware artifacts belong.

Deploy
NocoDB screenshot thumbnail

NocoDB

Any existing relational database becomes a collaborative, Airtable-style smart spreadsheet under NocoDB. It connects to PostgreSQL, MySQL, MariaDB, SQL Server, or SQLite, introspects the schema - tables, relationships, indexes - and renders it as interactive Grid, Gallery, Kanban, Calendar, and Form views without migrating a single row. Your business data stays in your database; NocoDB keeps only its own metadata (view configs, permissions, webhooks) in a separate store. Every connected table automatically gets REST APIs with Swagger documentation, effectively turning legacy databases into modern backends. The spreadsheet layer adds 20+ field types including formulas, lookups, rollups, links, attachments, and currency, plus sorting, filtering, grouping, and multi-field editing. Views can be locked or shared publicly with password protection, role-based access control scopes permissions per user, and webhooks plus CSV, Excel, and Airtable import round out integration. An ERD view visualizes the schema. Built with Node.js and Vue, deployed via Docker, handling millions of rows.

Deploy
Redmine screenshot thumbnail

Redmine

Nearly two decades running engineering organizations: Redmine is the veteran open-source project management and issue tracker, a Ruby on Rails application (GPLv2) still in active development. Its core strength is configurability: define your own trackers (bug, feature, task, or anything else), issue statuses, and role-based workflows that control exactly which transitions each role may perform, then extend records with custom fields of every type. Issues support subtasks, relations (blocks, precedes, duplicates), watchers, categories, and full journaled history, with saved custom queries and cross-project filtering for slicing the backlog any way you need. Around the tracker sit Gantt charts and calendars, a roadmap driven by versions, per-project wikis, forums, news, and document repositories, plus time tracking with estimated versus spent hours and activity-based reporting. Multi-project support runs deep - subprojects, per-project modules, and granular role-based permissions - and repository integration (Git, Subversion, Mercurial) links commits to issues automatically. Email notifications, inbound email-to-issue creation, LDAP authentication, a REST API, and a large plugin and theme ecosystem round it out. Recent 6.x releases brought substantial query and rendering optimizations. Self-hosting keeps your entire project history in your own database, free of per-seat licensing.

Deploy
Hasura screenshot thumbnail

Hasura

A PostgreSQL database becomes a production-grade GraphQL API the moment Hasura GraphQL Engine points at it: track tables and relationships - existing schemas included - and full query, mutation, and subscription types appear with where, order_by, limit, offset, and on_conflict arguments, no resolvers or boilerplate written. Its Haskell core compiles GraphQL to efficient SQL, and any query becomes a real-time live query with a single keyword, powering dashboards and collaborative UIs over standard GraphQL subscriptions. Authorization is where Hasura earns its enterprise reputation: role-based access control with row- and column-level permission policies driven by session variables from JWTs, auth webhooks, or headers - each role effectively sees its own GraphQL schema containing only what it may touch, integrating cleanly with Auth0, Firebase, or homegrown auth. Event triggers fire webhooks on inserts, updates, and deletes for asynchronous business logic; Actions extend the schema with custom REST handlers; remote schema stitching merges external GraphQL services into one endpoint; and auto-generated REST endpoints serve clients that skip GraphQL. A browser console handles data modeling and API exploration, the CLI manages migrations and metadata as code, and deployment is a single stateless Docker container beside Postgres.

Deploy
Calibre screenshot thumbnail

Calibre

Serious readers organize, convert, edit, and serve their e-book libraries with Calibre - the definitive open-source e-book manager. This deployment runs the full Calibre desktop application on your server, accessible from any browser, so your library lives in one authoritative place instead of scattered across devices. Its conversion engine is the best in the business, translating between every major format - EPUB, MOBI, AZW3, PDF, DOCX, and dozens more - with fine control over fonts, margins, metadata, and structure detection. Metadata management downloads covers, descriptions, series info, and identifiers from online sources, and every field is editable in bulk. Beyond cataloging, Calibre includes a full e-book editor for EPUB and AZW3 internals, a news engine that fetches newspapers and magazines from the web on schedule and converts them into e-books, book comparison tools, and device syncing that sends the right format to each connected reader. The built-in content server exposes your library over HTTP so phones, tablets, and e-readers can browse and download remotely. A deep plugin ecosystem extends everything - metadata sources, format support, store integrations. For power users, the complete CLI (calibredb, ebook-convert) enables scripted library automation. Your books, your metadata, your server - permanent and DRM-free storage under your control.

Deploy
PeerTube screenshot thumbnail

PeerTube

The fediverse's answer to YouTube comes from French non-profit Framasoft: PeerTube is a TypeScript/Angular video platform where hundreds of independently operated instances federate over ActivityPub into one network. Videos you publish are discoverable across the whole video fediverse, and viewers can follow your channels from Mastodon or any ActivityPub platform - or plain RSS - without needing an account on your instance. The namesake innovation attacks video hosting's core cost problem: alongside HLS delivery, an optional WebRTC-based P2P layer lets concurrent viewers' browsers share video segments with each other, so a video going viral distributes its own bandwidth demand instead of crushing your server; instance redundancy extends this by letting friendly instances cache each other's videos. Livestreaming is first-class - stream via OBS or any RTMP software, host permanent streams, enable replays, and interact through live chat. Creators get channels, playlists, analytics, built-in video editing (trim, watermark), and an embeddable player for any website. There are no ads, no data mining, and no recommendation algorithm engineered for watch-time - the project's explicit design stance. Admins control federation policy, P2P settings, and theming; a plugin system extends the rest. AGPL-licensed, 300+ contributors, in active development since 2015.

Deploy
Flowise screenshot thumbnail

Flowise

Drag nodes onto a canvas and ship an LLM app: Flowise is an open-source visual builder for AI agents and LLM applications, written in Node.js on LangChain.js and licensed Apache-2.0. You assemble flows by dragging nodes onto a canvas: models, prompts, memory, vector stores, retrievers, and tools, then wire them together and test in the built-in chat panel. Three builder types cover increasing complexity: Assistant for simple RAG chat over uploaded files, Chatflow for single-agent systems with techniques like rerankers and Graph RAG, and Agentflow for multi-agent orchestration with branching, looping, shared flow state, and human-in-the-loop checkpoints. Over 100 integrations connect data sources, vector databases, and both proprietary and open-source models, plus MCP client and server nodes for standard tool interop. Finished flows are exposed as REST APIs, embedded chat widgets, or via JS and Python SDKs - each flow gets an endpoint the moment it is saved, removing the deployment gap between a working prototype and something your application can call. Execution logs, visual step debugging, and external log streaming trace behavior, while input moderation and rate limiting act as guardrails; RBAC, SSO, and workspaces cover team deployments. Self-hosting keeps prompts, encrypted credentials, and conversation data on your own instance, which matters when flows handle internal documents or customer data - and wiring a model, prompt, memory, and vector store on the canvas replaces the boilerplate a hand-coded LangChain project would need.

Deploy
HedgeDoc screenshot thumbnail

HedgeDoc

Real-time collaborative Markdown behind your own firewall: HedgeDoc (formerly CodiMD, descended from HackMD's open-source edition) keeps team notes on team infrastructure. Share a note's URL and collaborators are editing together instantly - live cursors, changes appearing keystroke by keystroke - in a three-mode interface that toggles between raw Markdown, rendered preview, and side-by-side split. The Markdown dialect is extended where engineers need it: Mermaid, Graphviz, and Vega-Lite diagrams, MathJax for equations, syntax-highlighted code blocks, embedded content, and a presentation mode that turns a note into reveal.js slides with a single YAML header. A dropdown permission system controls each note - freely editable, limited to signed-in users, or locked read-only - and published notes become clean read-only pages for wider distribution. Revisions track every change with the ability to revert to any earlier version. The AGPL-3.0 codebase is light enough to run on a Raspberry Pi and deploys via Docker with PostgreSQL, MySQL, or SQLite. Authentication covers LDAP, SAML, OAuth2, and email. It deliberately stays a focused document editor - no page trees or kanban - and does that one job with excellent keyboard-first ergonomics for meeting notes, RFCs, runbooks, and shared scratchpads.

Deploy
NodeBB screenshot thumbnail

NodeBB

Forum software rebuilt on the modern web stack: NodeBB runs the classic bulletin-board format - categories, threads, local accounts - in real time, on Node.js over MongoDB, Redis, or PostgreSQL. WebSockets stream new posts into open topics as they're written and deliver instant notifications for follows, likes, and subscriptions; built-in chat supports side-by-side private conversations. The headline of recent versions is core ActivityPub federation: your forum can follow, share, and converse with other NodeBB instances, Mastodon, Lemmy, and anything else that speaks the protocol, turning an isolated community into a fediverse node. Everything beyond the common core is a plugin - more than 500 plugins and themes install in one click from the admin panel, covering SSO providers, search backends like Elasticsearch and Solr, galleries, calendars, and more. The theming engine extends base templates with SCSS/CSS on Bootstrap 5, plus a drag-and-drop widget system and custom HTML/CSS/JS injection. Operators get a real-time analytics dashboard, human-readable SEO-friendly URLs with semantic markup, multilingual UI, and full read and write REST APIs for integration. Mobile-first rendering means the same install works everywhere. For communities that outgrew phpBB but don't want Discourse's weight, NodeBB is the natural middle.

Deploy
StirlingPDF screenshot thumbnail

StirlingPDF

Adobe Acrobat and Smallpdf, answered by a self-hosted Java web application: Stirling PDF processes every file with its 60+ tools on your own server and deletes it after the task completes. Nothing is uploaded to a third party, which is the whole point for contracts, invoices, and medical records. The toolbox covers page operations (merge, split at page numbers or scanned dividers, rotate, reorder, crop, extract), conversion in both directions between PDF and Word, Excel, PowerPoint, images, HTML, and Markdown, OCR that turns scans into searchable PDFs via Tesseract/OCRmyPDF (including PDF/A archival conversion), and security tools for passwords, permissions, watermarks, signatures, and true UI-driven text redaction. A built-in viewer handles annotation, drawing, and text or image insertion, and V2 added stateful processing - upload once, chain multiple tools - plus undo/redo history. For automation, nearly every tool has a REST API endpoint, no-code pipelines combine operations into custom logic chains, and watched folders process files automatically. Enterprise deployments get SSO, user management, and audit logging; the interface ships in 40+ languages. With 84K+ GitHub stars it is the most popular PDF tool in self-hosting, replacing $20/month Acrobat subscriptions with flat infrastructure cost.

Deploy
Etherpad screenshot thumbnail

Etherpad

In continuous open-source development since 2009, Etherpad is the original really-real-time collaborative editor - used by Wikimedia, governments, EU public-sector institutions, and tens of thousands of self-hosters. Its core idea is visible authorship: every keystroke is attributed with author colors, every revision preserved, and the timeslider lets you scrub through a document's entire history character by character. Multiple people type into the same pad and see each other's changes instantly - it scales to thousands of simultaneous editors per pad. The base install is deliberately lightweight; capability comes from roughly 290 plugins installable from the admin web UI: comments, images, tables, drawing, video chat via WebRTC, math rendering, code highlighting, and authentication via OAuth, LDAP, or OpenID. AI is pointedly a plugin, not a default - you choose the model and infrastructure, or never turn it on. There is no telemetry. For integrators, an HTTP API (with OpenAPI definitions at /api/openapi.json) manages pads, users, and groups for embedding in your own applications, and the ueberDB abstraction layer supports PostgreSQL, MySQL, Redis, MongoDB, and SQLite backends. Full data export is built in, the format is open, it is translated into 105 languages, and it runs on anything from a Raspberry Pi to a server farm. Apache 2.0 licensed, Node.js based.

Deploy
Grav screenshot thumbnail

Grav

No database anywhere in the stack: Grav, the leading flat-file CMS, builds every page from a folder of Markdown and YAML on PHP, Symfony components, Twig templating, and Doctrine caching. That architecture is the whole argument: content is Git-versionable, rsync-able, and lock-in-free; pages render in well under 100ms without database round-trips; and backup means copying a directory. Content authors write Markdown (or plain HTML), configure with readable YAML, and define custom page structures via blueprint files that generate editing forms automatically. The optional Admin panel adds a polished editing layer: dashboard with site activity, page management with a syntax-highlighted editor and live preview, drag-and-drop media uploads, one-click plugin/theme updates, and normal/expert modes for form-based or raw YAML editing. The ecosystem runs deep - hundreds of open-source plugins and themes installed through the GPM package manager, with an event-hook architecture that gives plugins full control over the request lifecycle, and downloadable skeletons providing entire pre-built sites. Grav 2.0 modernizes the stack (PHP 8.3+, Symfony 7, Twig 3) and adds a first-party REST API, an MCP server for AI agents, and a SvelteKit single-page admin with real-time collaborative editing. Ideal for docs, blogs, and marketing sites. MIT-licensed.

Deploy
OctoPrint screenshot thumbnail

OctoPrint

Over a million active instances make OctoPrint the standard web interface for consumer 3D printers - Gina Häußge's Python application, the center of the printing world since 2012. It talks to your printer over USB serial and turns every browser into a control panel: upload, organize, and start G-code prints; watch hotend and bed temperature graphs in real time; drive the print head manually; adjust feed rate, flow, and fan speed mid-print; and hit an emergency stop if things go wrong. The G-code visualizer renders the current layer in sync with the job, and a connected webcam adds a live feed plus automatic timelapse recording of every build. What keeps OctoPrint ahead is its plugin ecosystem - 300+ community plugins installable from the built-in manager. Highlights include Obico's AI spaghetti detection that pauses failed prints automatically, OctoEverywhere for tunnel-based remote access, Bed Level Visualizer's 3D mesh of your bed surface, PrintTimeGenius for accurate time estimates, Exclude Region to abandon one failed object mid-print while others continue, and Firmware Updater to flash Marlin or Klipper without SD-card shuffling. Event hooks fire notifications when prints finish or fail, and a full REST API supports slicer integration and custom automation. AGPL-licensed.

Deploy
Wiki.js screenshot thumbnail

Wiki.js

Team and product documentation on a fast Vue frontend with PostgreSQL storage: Wiki.js is a Node.js wiki engine. Its distinguishing trait is per-page editor choice: authors pick Markdown with live preview, a WYSIWYG visual builder for non-technical writers, or raw HTML, page by page. Native Git synchronization commits every page change to GitHub, GitLab, Bitbucket, Azure DevOps, or any Git remote - bi-directionally, so edits made in the repository flow back into the wiki - giving documentation version-controlled backup for free. Authentication coverage is among the broadest of any self-hosted wiki: local accounts with self-registration, social login via Google, GitHub, Discord, and Slack, and enterprise SSO through LDAP/Active Directory, SAML, CAS, Auth0, Okta, Azure AD, Keycloak, and generic OAuth2/OIDC, with optional MFA. Built-in full-text search runs on PostgreSQL with zero setup, and external engines like Algolia or Solr can substitute. Page history with visual version comparison, granular group-based permissions per path, nested navigation menus, 50+ integration modules, and full localization round it out. AGPLv3-licensed with a 28k-star community.

Deploy
PocketBase screenshot thumbnail

PocketBase

An entire backend in a single Go executable: PocketBase embeds SQLite with realtime subscriptions, authentication and user management, file storage, and an admin dashboard, all behind a REST-ish API. SQLite runs in WAL mode, which outperforms client-server databases for the read-heavy workloads typical of small and mid-sized apps. Authentication supports email/password, one-time passwords, and 15+ OAuth2 providers including Google, Apple, and GitHub, with stateless tokens. Clients subscribe to record changes over server-sent events, and official JavaScript and Dart SDKs cover web, mobile, and Flutter frontends. Collections, rules, and API access permissions are managed visually in the admin UI. When you need custom logic, extend it with JavaScript hooks running in the embedded JS VM of the prebuilt binary, or import PocketBase as a Go library and compile custom business logic into your own single-file backend. File storage attaches uploads to records with thumbnail generation for images and optional S3-compatible external storage. All state lives in one pb_data directory, so backup is a directory copy and upgrade is replacing a binary - one of the lowest-maintenance backends you can run. The contrast with Firebase is the point: where usage-based pricing scales with reads, writes, and bandwidth, PocketBase runs the entire backend at flat hosting cost, and the data is a plain SQLite file you can copy anywhere. MIT-licensed.

Deploy
UptimeKuma screenshot thumbnail

UptimeKuma

Sixty-thousand-plus GitHub stars make Uptime Kuma the most popular self-hosted monitoring tool - MIT-licensed, Node.js, and the standard replacement for UptimeRobot, Pingdom, and Freshping. It watches a dozen monitor types: HTTP(S) endpoints with keyword and JSON-query content validation, TCP ports, ICMP ping, DNS records, WebSockets, Docker containers via the socket, Steam game servers, MQTT brokers, gRPC services, and push-based heartbeats for cron jobs and internal workers. Checks run at intervals as tight as 20 seconds - versus UptimeRobot's 5-minute free tier - with unlimited monitors and unlimited data retention. When something fails, alerts fan out through 90+ notification channels: Slack, Discord, Telegram, email with LiquidJS templating, PagerDuty, OpsGenie, ntfy, Gotify, Matrix, and dozens more via native providers plus the Apprise library. Unlimited public or password-protected status pages - mappable to specific domains and organized into monitor groups - communicate health to customers, with maintenance windows that suppress alerts during planned work. The reactive dashboard graphs response times, tracks SSL certificate expiry with advance warnings, supports proxies and 2FA, and ships in dozens of languages. One Docker container with a SQLite volume covers an entire infrastructure.

Deploy
Kanboard screenshot thumbnail

Kanboard

"Less is more" is Kanboard's stated philosophy, and the free, MIT-licensed PHP application lives it: drag tasks between customizable columns, enforce work-in-progress limits per column, and slice boards horizontally with swimlanes for releases, teams, or priorities. Tasks carry what matters - colors, categories, subtasks with time estimates, Markdown descriptions, comments, attachments, internal links, and due dates - and move or duplicate across projects in one click. A concise query language filters any board dynamically (assignee, category, due date, description), and saved filters become custom views. The automatic-actions engine kills repetitive triage: on events like column moves or task creation, Kanboard reassigns, recolors, recategorizes, or closes tasks by rule. Around the board sit a calendar, per-project analytics (cumulative flow, lead and cycle time), Gantt view, and time tracking. Authentication spans LDAP/Active Directory, Google, GitHub, GitLab, and reverse-proxy headers; a JSON-RPC API, webhooks for creating tasks from external systems, and a CLI cover integration. A large community plugin catalog adds what core deliberately omits. With no external dependencies, it runs happily on anything from a Raspberry Pi up - translated into 30+ languages.

Deploy