Owncast
Twitch and YouTube Live, replaced by infrastructure you control: Owncast is a self-hosted live streaming and chat server. Point OBS, Streamlabs, or any RTMP-capable broadcaster at the server's ingest port, and Owncast transcodes the feed with FFmpeg into HLS with multiple quality variants, playing it in a built-in web page with a real-time chat beside it. Chat supports anonymous participation, custom emotes, and moderation tools - message removal, user bans and suspensions - with optional authentication via IndieAuth or a Fediverse account. ActivityPub integration puts the stream on the Fediverse: viewers on Mastodon and compatible services can follow a channel and get notified the moment it goes live. Video delivery can come straight off the server or offload HLS segments to S3-compatible object storage so a modest VPS handles thousands of concurrent viewers while only managing ingest and chat. The backend is a single Go binary with a React frontend - no accounts platform, no database server, no dependency stack - and the player embeds in any website. MIT-licensed, with roughly 9k GitHub stars, zero platform fees, and no algorithm or takedown policy between you and your audience.
Roundcube
Two decades of continuous development made Roundcube the standard-bearer of open-source webmail - a PHP IMAP client that gives any mail server a polished, application-like interface in the browser. It connects to whatever IMAP/SMTP stack you run - Dovecot, Postfix, a hosted mailbox - and delivers the full desktop-client experience: drag-and-drop message management, threaded conversation views, full MIME and HTML mail handling, find-as-you-type address book with groups and LDAP connectors, multiple sender identities, full-text search, and spell checking in dozens of languages. The default Elastic skin is genuinely responsive, working as well on a phone as a desktop, and the entire UI is skinnable. The plugin API is where deployments get shaped: managesieve exposes server-side filter management in the UI, enigma brings PGP encryption and signing via GnuPG, markasjunk trains spam filters, zipdownload batches attachments, password lets users change credentials, and attachment_reminder catches the classic forgotten-attachment email - among hundreds of community plugins. Built-in caching keeps large mailboxes fast, IMAP ACLs and shared folders support team setups, and XSS protection is engineered into the rendering pipeline. It scales from a single personal mailbox to unlimited users, backed by MySQL, MariaDB, PostgreSQL, or SQLite. GPL-licensed with regular security releases.
Tolgee
Hold Alt/Option, click any string in your running app, and edit the translation in place: Tolgee is an open-source localization platform built the way developers wish translation worked - changes save straight to the platform with no hunting through JSON or PO files. In-context editing works even in production via the Tolgee Tools browser extension, which injects credentials without touching source code, so a client or colleague with zero coding skills can translate the product inside the product. The SDKs (React, Angular, Vue, Svelte, plus iOS and Android) extract context from each UI element and capture one-click screenshots, giving both human translators and machines the surrounding meaning that raw string files lose. Autonomous translation uses that context: new keys are instantly filled from translation memory or machine translation (DeepL, Google Translate, AWS Translate), with optional human review afterward - shipping no longer waits on a translation agency. A CLI handles import/export, a REST API covers automation, a Figma plugin bridges design, and an MCP server lets AI coding assistants search keys, create translations, and trigger machine translation without leaving the editor. Self-hosting this Crowdin/Phrase/Lokalise alternative keeps every string, screenshot, and API key on your infrastructure.
Tiddlywiki
The entire wiki - content, code, and interface - is built from "tiddlers," small addressable units of information that link, transclude, tag, and filter into each other: TiddlyWiki is a non-linear personal notebook with a design philosophy unlike anything else in this catalog. Instead of pages in a hierarchy, you compose views by pulling tiddlers together on demand, which is why researchers, zettelkasten practitioners, and GTD devotees have sworn by it for two decades. The whole application is JavaScript, and the UI itself is written in hackable WikiText - customization goes as deep as rewriting the interface from inside the wiki. Self-hosting runs the Node.js version, which upgrades the classic single-HTML-file architecture in the ways that matter for a server: every tiddler is stored as an individual text file (Git-friendly, organizable), edits save through the HTTP API from any modern browser including phones, and one installation can serve multiple wikis blending shared and unique content. The plugin ecosystem covers graph visualizations, themes, languages, and hundreds of community extensions, declared per-wiki in a simple tiddlywiki.info file; the newer MultiWikiServer plugin adds multi-user accounts and tiddler sharing. Your notes stay usable for decades, independent of any corporation - the project's founding promise. BSD-licensed.
The Lounge
"Forget about bouncers" became a real sentence because of The Lounge: a Node.js web IRC client that holds persistent connections to your networks 24/7, logging everything while you sleep, so closing the browser tab never means missing a message or losing your place in a channel. Open it again from any device - desktop, phone, tablet - and you resume exactly where you left off, with full history synchronized. Because it combines bouncer and client in one process, the experience feels like a modern chat app rather than 1990s infrastructure: push notifications for highlights and private messages (with self-generated VAPID keys, so even Web Push needs no third-party service), automatic link previews, inline file and image uploads, and full IRCv3 protocol support. It installs as a progressive web app from any modern browser, so phones get a native-feel client without an app store. Multi-user support means one instance serves your whole team or community, each user with their own networks and history, and LDAP integration ties into existing authentication. A public mode alternatively serves as an open, registration-free web chat for events or support channels. MIT-licensed, born as a fork of Shout, and a fixture of self-hosting stacks since.
Manager.io
Full double-entry accounting on your own server: Manager.io Server Edition runs the same engine as the free desktop edition as a web server, so unlimited users work in unlimited businesses concurrently, with all books on infrastructure you control. The module coverage is genuinely comprehensive - general ledger with a customizable chart of accounts, sales and purchase invoices, quotes and orders, bank and cash account reconciliation, inventory with stock tracking, fixed assets with depreciation, payroll, multi-currency with exchange gains and losses, tax codes for VAT and GST regimes, and the complete reporting stack: balance sheet, profit and loss, trial balance, aged receivables and payables, and cash flow statements. The interface is translated into more than seventy languages, reflecting a genuinely global user base. The licensing model is the refreshing part: a server license is a one-time perpetual purchase, not a subscription - twelve months of updates included, optional renewals after, no per-user tiers, no data limits, and you can downgrade to the free desktop edition anytime, so your books are never hostage. Businesses wanting collaborative accounting behind their own firewall, with data sovereignty and no monthly fees, get exactly that.
ExpenseOwl
Log a date, amount, and category; get a clean monthly pie chart and a cashflow strip showing income, expenses, and net balance - ExpenseOwl is expense tracking stripped to what actually matters. The MIT-licensed Go application deliberately is not a budgeting system - no envelopes, no accounts, no double-entry, no bank sync - because its author found tools like Firefly III and Actual too heavy for the simple question "where did this month's money go?" The dashboard makes that question fast: click a pie slice to exclude fixed costs like rent and see discretionary spending clearly, then drill into a chronological table view to inspect or delete individual transactions. Recurring transactions handle salaries and subscriptions automatically, optional tags add a second classification axis, and settings cover custom categories, currency symbol, and a configurable month start date for non-calendar pay cycles. CSV import migrates data from virtually any other tool, and CSV export keeps your data portable. It ships as a self-contained binary and multi-architecture Docker image with zero internet interaction, stores data in flat JSON files by default (PostgreSQL optional), and installs as a PWA on phones. Single-user by design; pair it with an authenticating reverse proxy if exposed publicly.
Shaarli
Personal, minimalist, database-free bookmarking - Shaarli is a philosophy as much as an app. Everything lives in a single compressed datastore file inside data/: no MySQL, no PostgreSQL, backup by copying one directory. That write-once/read-many file is usually served straight from OS disk caches, which is why a decade-old Shaarli instance with tens of thousands of links still responds instantly. Designed deliberately single-user, it saves URL, title, unlimited-length description, and tags (with autocomplete, renaming, and merging), marks entries public or private, and automatically strips utm_source and fb tracking parameters from saved URLs. That description field is why the community uses Shaarli as far more than bookmarks: a microblog, read-it-later queue, code-snippet base, pastebin, and shared clipboard between machines. Sharing is one click via bookmarklet or Android apps; consumption is per-tag RSS/Atom feeds plus a daily digest feed; search is full-text with tag filtering. A REST API opens it to any client, a plugin and theme system extends the PHP core (Markdown rendering, thumbnails), and import/export uses browser-standard Netscape HTML - your data enters and leaves freely. LDAP login is supported, no telemetry is sent anywhere, and the UI degrades gracefully without JavaScript. The anti-cloud Delicious.
GoToSocial
Mastodon serves single-user and small-community instances poorly; GoToSocial, an ActivityPub server written in Go, was built precisely for them. Where Mastodon demands Ruby, PostgreSQL, Redis, and Sidekiq, GoToSocial is one binary using roughly 250-350 MiB of RAM with SQLite as the default database (PostgreSQL optional) - it runs comfortably on a $5 VPS or a repurposed laptop. The deliberate design choice is having no built-in web client: the server exposes profile pages, a settings panel, and a faithful implementation of the Mastodon API, and you post through the client app you already like - Tusky on Android, Feditext on iOS, Pinafore or Phanpy in the browser. Federation is the point: your instance follows, boosts, and replies across Mastodon, Misskey, Pixelfed, and the rest of the Fediverse, with your identity anchored to your own domain. Safety is a stated focus, with granular per-post visibility and interaction controls, content warnings, custom emoji, hashtag following, domain allow/blocklists, and OIDC login support. Built-in Let's Encrypt provisioning simplifies the mandatory TLS. AGPL-3.0 licensed and in active beta, federating cleanly with the ecosystem's major servers.
PsiTransfer
Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.
Passbolt
Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.
OctoPrint
Over a million active instances make OctoPrint the standard web interface for consumer 3D printers - Gina Häußge's Python application, the center of the printing world since 2012. It talks to your printer over USB serial and turns every browser into a control panel: upload, organize, and start G-code prints; watch hotend and bed temperature graphs in real time; drive the print head manually; adjust feed rate, flow, and fan speed mid-print; and hit an emergency stop if things go wrong. The G-code visualizer renders the current layer in sync with the job, and a connected webcam adds a live feed plus automatic timelapse recording of every build. What keeps OctoPrint ahead is its plugin ecosystem - 300+ community plugins installable from the built-in manager. Highlights include Obico's AI spaghetti detection that pauses failed prints automatically, OctoEverywhere for tunnel-based remote access, Bed Level Visualizer's 3D mesh of your bed surface, PrintTimeGenius for accurate time estimates, Exclude Region to abandon one failed object mid-print while others continue, and Firmware Updater to flash Marlin or Klipper without SD-card shuffling. Event hooks fire notifications when prints finish or fail, and a full REST API supports slicer integration and custom automation. AGPL-licensed.
Hastebin
"Throw it on a haste and send the link" entered developer vocabulary because of Hastebin (haste-server), the minimalist open-source pastebin. Written in Node.js with three stated design goals - be really pretty, be really simple, be easy to set up - it does one job precisely: paste code, logs, stack traces, or config snippets, press save (or Ctrl+N for a new one), and get a short random-key URL to share. Syntax highlighting renders pastes readably across common languages, a raw view serves plain text for curl and scripts, and duplicate-and-edit makes iterating on a shared snippet trivial. The killer workflow is the terminal: with the haste-client utility or a one-line shell function, `cat error.log | haste` prints a shareable URL straight from stdout - the fastest route from a broken build to a colleague's eyeballs. Storage is pluggable through a simple adapter interface: filesystem by default, Redis with optional key expiration for pastes that should age out, and configurable key length, maximum paste size, and static documents. Self-hosting matters here because pastes often contain internal logs and stack traces that should never sit on a public pastebin - your instance keeps them inside your network, under your retention rules.
mCaptcha
The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.
Supertokens Core
Authentication that lives inside your application rather than behind a redirect to an external identity provider - SuperTokens takes a fundamentally different architecture from Auth0 and AWS Cognito. Three tiers make that work - frontend SDKs (React, Angular, Vue, vanilla JS, React Native) render overridable login UI and manage tokens; backend SDKs (Node.js, Python, Go) expose auth endpoints on your own API domain; and SuperTokens Core, the piece you host here, is the stateless HTTP service handling core auth logic, password hashing, token signing, and database operations against PostgreSQL. The recipe system keeps features decoupled: use email/password, social login, passwordless (magic links, OTP), phone-password, multi-factor authentication (TOTP, WebAuthn), user roles, and microservice auth - individually or combined; you can even use SuperTokens purely for session management alongside another login provider. Sessions are where it shines: rotating refresh tokens with theft detection, automatic access-token refresh, CSRF protection, and secure cookie handling out of the box - the details that become vulnerabilities when hand-rolled. Verification happens locally in your backend via cached JWT signing keys, so the Core stays off the hot path. Self-hosted means no user limits, free forever, with all user data in your database. Apache-licensed.
WBO
A Node.js server, a large shared canvas, and a URL - WBO (Whiteboard Ophir) is collaborative whiteboarding reduced to its essence. There are no accounts and no setup - to collaborate, you send someone the board's link, and every stroke appears for all connected users in real time over WebSockets, with cursor positions shared so you can see where collaborators are working. Board state persists automatically and continuously, so a diagram drawn in today's lesson is still there next week at the same URL. Boards come in three flavors: a public free-for-all, private boards with random unguessable names, and named boards with custom URLs shared by anyone who knows the name. The tools cover teaching and brainstorming needs - pencil, straight lines, rectangles, ellipses, text annotations, eraser, a full color palette with brush sizes - and boards export as SVG or PNG. Despite the simplicity, the server is production-minded: JWT authentication gates board access with granular capabilities (open, edit, and clear as separate permissions), rate limiting caps per-client message volume, reverse-proxy and subpath deployment are supported, and OpenTelemetry provides metrics, logs, and traces. It works on tablets and touch devices, speaks multiple languages, and consumes minimal resources. AGPL-licensed.
Upvote RSS
The antidote to doomscrolling: Upvote RSS turns Reddit, Hacker News, Lemmy, Lobsters, PieFed, Mbin, and trending GitHub repositories into calm, filtered RSS feeds. The MIT-licensed PHP app's killer feature is intelligent filtering: beyond simple score thresholds, the "posts per day" filter analyzes a community's recent history and computes the score cutoff that yields your target volume - say, exactly three r/technology posts daily - while a percentage-based threshold mode stays consistent as communities grow. Feeds are rich, not bare links: parsed full-article content via Readability (with optional Readability.js, Mercury, or Browserless for JavaScript-heavy pages), embedded videos and image galleries, top-voted comments with pinned-moderator filtering, scores, reading-time estimates, and optional AI summaries through Ollama, OpenAI, Gemini, Anthropic, Mistral, DeepSeek, or any OpenAI-compatible endpoint - with automatic provider fallback. A web UI builds the feed URL interactively with live preview; paste the result into any RSS reader. Reddit support includes custom domains like old.reddit.com plus NSFW filtering and blurring. Caching via filesystem, Redis, or APCu keeps repeated fetches cheap and avoids re-running paid summarizations.
Isso
Named from the German "Ich schrei sonst" - roughly "or I'll scream" - Isso is a lightweight Python/JavaScript commenting server, a drop-in Disqus replacement for people who noticed what Disqus does to reader privacy and page load times. The design premise is printed right in the docs: comments are not Big Data. So the backend is a single SQLite file rather than a database cluster, and the entire client is one embeddable JavaScript file - 65 kB, 20 kB gzipped - that you drop into any static site, blog, or CMS. Commenters write in Markdown, need no account, and can edit or delete their own comments within a configurable window (15 minutes by default). Spam control comes from an optional moderation queue: held comments stay invisible until you activate them via an admin interface or email notification links. Migration is a first-class feature, with importers for Disqus and WordPress exports, so years of existing threads move over intact. Because everything is server-rendered from your own instance, no third party tracks your readers, and real-world switchers report smaller pages and faster loads than the Disqus embed. MIT-licensed, running since 2012.