Endurain
A personal Strava on your own server: Endurain is a self-hosted fitness platform that keeps your complete workout history, GPS routes, and health data out of a vendor's cloud. It ingests the standard device formats (.gpx, .tcx, and preferred .fit with full sensor data) via manual or bulk upload, and syncs directly with Strava and Garmin Connect so migrating years of history is straightforward - Garmin sync covers activities, gear, and body composition. The dashboard shows activity feeds with weekly and monthly statistics, routes on maps, and distance, speed, and training-volume trends over time, with definable goals that update automatically. Gear tracking is notably deep: log wetsuits, bicycles, shoes, racquets, skis, and snowboards, assign default gear per activity type, and track individual components like bike chains against replacement mileage. Multi-user support with admin and user roles, follower features, per-activity privacy settings, and configurable sign-up (email verification, admin approval) make it usable for clubs and coaches as well as individuals. Auth is serious for a fitness app: MFA TOTP, OIDC/SAML SSO, and email-based password resets via Apprise. The stack is Vue.js over a Python FastAPI backend with PostgreSQL, plus weight, steps, and sleep logging, imperial/metric units, multi-language support, and third-party app integration.
pgweb
Inspect a PostgreSQL database right now, without installing pgAdmin or exposing Postgres to the internet - pgweb answers that recurring need. It's a Go application from Dan Sosedoff, a decade in development, shipped as a single statically-linked binary with zero dependencies - the Docker image is essentially just the executable - that puts a clean browser UI in front of any PostgreSQL 9.1+ server. Connect via URL string or host/port credentials, and browse tables, views, and sequences from the sidebar; selecting a table shows its rows immediately alongside tabs for structure, indexes, and constraints. The Query tab executes arbitrary SQL with query history, and the Explain Query button renders the query plan - estimated cost, row counts, execution strategy - which makes pgweb a quick performance-triage tool, not just a browser. Results and entire tables export to CSV, JSON, or XML in a click. Connectivity is more flexible than its size suggests: native SSH tunneling (password or key) reaches databases behind firewalls, server bookmarks make switching instances instant, and an optional multi-session mode handles several databases concurrently. For a RepoCloud stack full of Postgres-backed apps, one pgweb instance is the universal inspection hatch. MIT-licensed, actively maintained.
Shiori
Most web links eventually break - the sobering statistic Shiori, a bookmark manager with archiving by default, is built on. Its answer is archiving by default - where possible, every bookmark you save gets a clean, readable offline copy parsed from the page, ads and navigation stripped, so the article survives even after the original URL dies. Conceived as a simple Pocket clone and written in Go, the entire server is a single binary using roughly 25-30 MB of RAM with SQLite out of the box (Postgres and MySQL supported) - genuinely the lightest archiving bookmark manager you can run. Saving is one click through the Firefox and Chrome extensions, and finding things again is where Shiori quietly outperforms its size: full-text search covers the archived page content, not just titles and tags, so you can find that article by a phrase you remember from paragraph six. Reader mode presents the cleaned text; archive mode shows the preserved page. It's dual-interface by design - a pretty web UI (installable as a PWA on mobile) and a complete CLI for terminal devotees - plus a REST API for scripting. Pocket imports work natively, and Netscape HTML handles browser imports and exports. Multi-user support included. MIT-licensed.
Radicale
Calendars, to-do lists, journal entries, and contacts, synced over the open CalDAV and CardDAV standards nearly every client already speaks: Radicale is a small pure-Python server that works with Thunderbird, DAVx5 on Android, Apple Calendar and Contacts, GNOME, and many more. Its defining design choice is radical simplicity: there is no database. Events live as plain .ics files and contacts as .vcf files in an ordinary folder structure, which makes backup a copy command, migration a move, and disaster recovery a matter of reading text files. The server works out of the box with no complicated setup, then grows as needed: flexible authentication (htpasswd files among other methods), per-collection authorization rules, TLS-secured connections, and a plugin system for extending storage, auth, and rights handling. Built-in limits on parallel connections, file sizes, and failed authentication attempts harden it for network exposure behind a reverse proxy. A bundled web interface handles creating and managing calendars and address books - useful since many clients cannot create collections themselves. Maintained since 2011 with 140+ contributors, GPLv3-licensed, and light enough to run on the smallest VPS or a Raspberry Pi.
Tolgee
Hold Alt/Option, click any string in your running app, and edit the translation in place: Tolgee is an open-source localization platform built the way developers wish translation worked - changes save straight to the platform with no hunting through JSON or PO files. In-context editing works even in production via the Tolgee Tools browser extension, which injects credentials without touching source code, so a client or colleague with zero coding skills can translate the product inside the product. The SDKs (React, Angular, Vue, Svelte, plus iOS and Android) extract context from each UI element and capture one-click screenshots, giving both human translators and machines the surrounding meaning that raw string files lose. Autonomous translation uses that context: new keys are instantly filled from translation memory or machine translation (DeepL, Google Translate, AWS Translate), with optional human review afterward - shipping no longer waits on a translation agency. A CLI handles import/export, a REST API covers automation, a Figma plugin bridges design, and an MCP server lets AI coding assistants search keys, create translations, and trigger machine translation without leaving the editor. Self-hosting this Crowdin/Phrase/Lokalise alternative keeps every string, screenshot, and API key on your infrastructure.
Ties
A federated bookmark manager written in Rust: Ties (formerly linkblocks) is your own small corner of the web for saving, organizing, and sharing good pages, connected to the fediverse over ActivityPub. Instead of rigid folders, bookmarks live in arbitrarily nested lists that link together into a knowledge graph. Saved pages are fetched, converted to a readable archived version, and stored in the database, so full-text search covers titles, URLs, and the actual page text - and the content survives if the original disappears. The federation model is deliberately anti-viral: there is no global timeline and no algorithmic feed. You publish public lists for anyone, follow users whose taste you trust, and mark trusted users whose bookmarks become part of your search range - extendable to trusted-users-of-trusted-users for a wider net. Public bookmarks post to Mastodon timelines, and WebFinger lookup makes your handle discoverable across fediverse platforms. Operationally it is about as light as web software gets: a single binary with all assets baked in, integrated TLS so it can run without a reverse proxy, PostgreSQL as the only dependency, OIDC single sign-on, and a bookmarklet for one-click saves. Note the project is alpha: single-user instances only, and all data should be considered public. AGPL-3.0 licensed, built with Rust and htmx.
Freescout
Unlimited agents, unlimited tickets, unlimited mailboxes, forever, on a $4 VPS - FreeScout's pricing inversion is why it became the most popular self-hosted Help Scout alternative, a PHP/Laravel help desk and shared inbox developed from scratch over eight years. The inbox deliberately behaves like Gmail or Outlook, so new support agents need close to zero training. The email-support core is genuinely complete: seamless IMAP/SMTP integration including modern Microsoft Exchange authentication, collision detection that warns when two agents open the same conversation, canned responses, auto-replies, internal notes, open tracking, starring, forwarding, merging, and moving conversations between mailboxes, phone-call logging, push notifications, and an auto-refreshing conversation list - plus screenshot pasting straight from the clipboard into replies. It's 100% mobile-friendly, fully screen-reader accessible, and translated into 28 languages. Beyond the core, an ecosystem of 100+ modules (mostly one-time $12-20 purchases) adds knowledge base, workflows with Gmail-filter-style automation rules, satisfaction ratings, time tracking, tags, custom fields, LDAP, Slack, WhatsApp and Telegram channels, and an API with webhooks - pay only for what your team needs. Web installer and updater included. AGPL-licensed.
Jirafeau
Upload a file, get a unique download link and a separate delete link - Jirafeau has done exactly this one thing since 2008. It is plain PHP with no database, no mail server, no JavaScript framework, and no external dependencies - files and metadata live on the filesystem, which is why it runs on nearly anything and why it has outlasted most of its imitators. Uploads use the HTML5 file API, so PHP's post_max_size ceiling does not constrain file size, with live progress showing speed, percentage, and time remaining. Every upload takes options: expiration from one minute to a year to unlimited, self-destruct after first download, and password protection with configurable policy - passwords can be optional, required, or server-generated with complexity rules. Server-side encryption (modern builds use XChaCha20-Poly1305) stores files encrypted at rest with the decrypt key embedded only in the download URL, never on the server, so a compromised host cannot read the contents. Unencrypted deployments get file-level deduplication - identical files stored once with multiple links. Upload access can be gated by password lists or IP allowlists, a small admin panel manages stored files, and a CLI cleanup script handles expired files via cron. Recipients can preview supported files in-browser.
ClassicPress
WordPress without Gutenberg: ClassicPress, the community-led fork, keeps the TinyMCE classic editor as the default and strips the block editor and Full Site Editing out of core entirely. The result is roughly half WordPress's size - obsolete libraries like jQueryUI, Thickbox, and Flash support are gone, replaced by native HTML5 elements and modern alternatives like SortableJS - which translates to a measurably faster admin and a leaner attack surface. Forked from WordPress 6.2, it remains compatible with the vast plugin and theme ecosystem targeting that lineage (anything not requiring blocks generally works, helped by a blocks-compatibility mode), and the PHP-first WordPress API developers have used for over a decade works unchanged - no React required to extend your CMS. The fork adds its own improvements: built-in media categories and tags with bulk editing, revision management that lets you prune database bloat, native HTML5 dialogs for accessible touch-friendly menus, and recent releases bring APCu object-cache support, vanilla-JS core widgets, and performant translations. Governance is democratic and community-driven rather than corporate. For content sites, business sites, and blogs where the classic editing workflow is the feature, ClassicPress is stability as a philosophy.
Octobox
What Gmail did for email, Octobox does for GitHub notifications: an ephemeral, unmanageable stream becomes an inbox you can actually triage. GitHub marks notifications read the moment you glance at them and lets old ones vanish days later; heavy maintainers end up building elaborate Gmail filter systems just to cope. Octobox - a Ruby on Rails app over PostgreSQL - syncs your notifications into a persistent inbox with an explicit archived state: mark a thread done, and if the issue or PR sees new activity, it pops back automatically, so nothing silently falls through. Triage is keyboard-driven with Gmail-style shortcuts (j/k to navigate, e to archive, m to mute, s to star), and multi-select clears noisy repositories in bulk. Filtering is where it earns its keep: slice by repository, organization, type, action, state, reason, CI status, labels, author, assignee, or bot origin, combine prefix search filters, and pin favorite searches to the sidebar. The optional GitHub App enriches entries with live PR/CI status and labels so you can decide without clicking through. Auto-archive rules clear merged PRs and closed issues; muting and snoozing silence the rest. A REST API supports integrations. Self-hosting keeps your notification metadata - a map of everything you work on - on your own server.
Wally
Started as an ExpenseOwl-inspired project, Wally grew into a lightweight, self-hosted expense tracker more capable in every direction its author touched. The backend is Python FastAPI over SQLite, which means every deployment ships a full REST API with interactive documentation at /api/docs - automating imports or wiring in external tools requires no reverse engineering, and when the optional login page is enabled you can mint scoped API keys from the Settings page for token-based integrations. The transactions view is built on AG Grid, bringing real search, column sorting, and per-column filtering to your ledger, with a footer totaling rows, income, and expenses for whatever slice you have filtered. Dashboards go beyond the usual monthly doughnut: a Change button swaps in year-scale line graphs so you can track a single category - restaurants, say - across time. Recurring transactions edit intelligently, letting you apply changes to all instances or only future ones. CSV import and export use a simple six-column format handled from Settings, the refined dark theme is genuinely easy on the eyes, and the interface is translated into more than ten languages. The whole thing runs from one small container with a single data volume.
KeeWeb
Your KeePass vaults, opened from any browser: KeeWeb reads, edits, and creates standard KDBX files, so it works with the same databases as KeePass and KeePassXC without conversion or lock-in. Self-hosting the web app gives you a password manager reachable from any modern browser, including mobile, with no client installation and no third-party cloud in the loop. All KDBX cryptography runs client-side; the server just serves the static app. Open multiple vault files simultaneously and search them all from one box, with advanced options covering specific fields, password history, and regular expressions. Vaults load from local files, your own server (WebDAV), or Dropbox, Google Drive, and OneDrive, with automatic sync - and files are cached for offline use, so a dropped connection never locks you out; changes resync once you're back online. Day-to-day niceties include a configurable password generator, protected fields that stay masked and are held in memory more defensively, entry history, tags with easy input, drag-and-drop attachments, and per-entry icons with favicon fetching. The optional KeeWeb Connect extension (Chrome, Firefox, Edge, Safari) autofills credentials using the keepassxc-protocol. MIT-licensed with matching desktop apps for macOS, Windows, and Linux.
Password Pusher
Credentials sitting forever in email threads and chat scrollback - Password Pusher solves that everyday security failure. Instead of pasting a password into Slack, you push it - a password, note, file, URL, or QR code - and share a unique one-time link that expires after a set number of views, a time limit, or both. Content is encrypted at rest with AES-GCM under a configurable master key, optionally guarded by a passphrase, and permanently deleted from the database the moment it expires; a retrieval-step option keeps URL-scanning bots from consuming views. Full audit logs record when each link was created and viewed (and by whom, with logins), and TOTP two-factor authentication can be required instance-wide. The delivery page is deliberately unbranded - no logos or confusing links for recipients - and the interface ships in 31 languages with light and dark themes. Automation runs through a JSON API (v2), an official CLI for pushing and expiring secrets from the terminal, a Chrome extension, and a catalog of third-party integrations. Apache-2.0 licensed Ruby on Rails, deployable via Docker, Kubernetes, or Helm, with SQLite or PostgreSQL storage - the sysadmin staple for sending credentials that clean up after themselves.
Fireshare
The moment after ShadowPlay saves a great clip is what Fireshare was built for: your friends see it now, not after a YouTube upload, processing queue, and platform terms review. Drop videos into a watched folder and this Flask/React application generates a unique shareable URL for each one, complete with Open Graph metadata - so pasting the link into Discord, Twitter, or Slack produces a proper embed with title, description, and video thumbnail instead of a raw URL. Viewers need no account and no app. Visibility is per-file: public (browseable on your feed), private (unlisted, reachable only by direct link), or password protected. For game clips specifically, Fireshare organizes automatically - clips sort by game with cover art pulled from SteamGridDB, no manual tagging - while tags and full-library search cover everything else. Optional transcoding (CPU or GPU) creates lower-quality renditions so viewers on weak connections get automatic quality adaptation, and video cropping trims clips in place. The extras round out a genuinely finished tool: view counters, timestamped share links, a shuffle button, restrictable uploads, Discord notifications for new videos, an RSS feed of the public feed, mobile support, and LDAP for multi-user setups. No storage limits, no watermarks, no platform deciding what stays up. GPL-licensed.
Chief-Onboarding
New hires fail from information overload and IT bottlenecks, not lack of goodwill - the observation behind ChiefOnboarding, a free, open-source employee onboarding platform (Django, Celery, PostgreSQL, Redis). Its answer is sequences - drag-and-drop timelines that drip-feed to-do items, resources, courses, forms, and badges to each new hire, triggered by dates or by completing a previous item, so nobody faces everything at once. Onboarding starts before day one: preboarding pages welcome hires early, and colleagues can leave personal messages that appear there. The account provisioning module creates the new hire's Slack, Google, Asana, and other accounts automatically on the scheduled day via a library of integrations plus custom webhooks - the IT ticket queue never gets involved. Everything works through two equivalent interfaces: a full web dashboard and a Slack bot, either usable standalone. Slack can even auto-create new hire accounts when someone joins the workspace and assign default sequences with zero manual action. Colleague tasks with comments and collaboration, a searchable people directory, scheduled introductions, and per-hire timezone awareness (no 3 a.m. notifications) round it out. No trackers, no phoning home - third-party credentials sit in encrypted fields on your server.
HumHub
Workplace and Yammer's pattern on your own server, with GDPR compliance by construction rather than contract: HumHub is an open-source enterprise social network from Germany. Built in PHP on Yii2, it organizes everything around four concepts. Users get rich profiles with follows and interactions. Spaces are the structural unit - rooms for departments, projects, events, or clubs, with per-Space permissions, notification settings, and email summaries, and operators can auto-map users into the right Spaces. Content covers posts, wiki pages, photos and video, events, and tasks, with multi-level comments, versioning, archiving, moderation reporting, and filterable full-text search across everything. Modules make it a platform: roughly 80 install-and-activate extensions including Calendar, Wiki, Polls, Tasks, Gallery, News, direct-message Mail, OnlyOffice document editing, Advanced LDAP, SAML and JWT SSO, a RESTful API, mass user import, Translation Manager, and a Theme Builder with custom pages - every one optional and toggleable at runtime. That module economy is why HumHub serves such varied deployments: corporate intranets, city governments, universities, political parties, and nonprofits all configure the same core differently. Requirements are a plain LAMP stack - PHP 8.1+ and MySQL/MariaDB - making it one of the easiest community platforms to operate long-term.
Mstream
"The easiest music streaming server available" is mStream's own billing, and the claim holds up: a lightweight Node.js app that turns a folder of audio files into a private streaming service in minutes, no external database required. Its filesystem-based design is the clever part - the API mirrors your folder structure, so you can browse and play music immediately, before any library scan finishes, and your organization on disk is your organization in the app. It streams flac, mp3, wav, ogg, opus, aac, and m4a, which matters to the audiophile crowd: FLAC plays uncompressed, bit-perfect, with gapless playback for live albums and continuous mixes. The web player runs anywhere a browser does and packs personality - a Milkdrop-style visualizer (Butterchurn), playlist sharing via links, and drag-and-drop uploads straight through the file explorer. Native iOS and Android apps add the feature streaming subscriptions can't match: sync your collection to your phone for true offline playback of music you own. Multi-user support assigns separate directories and permissions per account. Resource usage is famously light - mStream is tested on multi-terabyte libraries and runs happily on a Raspberry Pi, so a small RepoCloud instance serves a lifetime's collection. GPL-licensed, with zero listening-habit telemetry.
Bookstack
Most wikis die of flat page-and-tag sprawl; BookStack's defining decision is enforced structure - an MIT-licensed PHP/Laravel platform (over MySQL) where content lives in a hierarchy of shelves, books, chapters, and pages, the way a physical library works. A shelf maps to a department, a book to "Engineering Runbooks," a chapter to "Database Procedures," a page to the actual document. That opinionation removes the "where does this go?" friction and keeps knowledge bases tidy as they grow. Editing works both ways: a clean WYSIWYG editor for most users, a Markdown editor with live preview for those who prefer it - switchable per page. Full-text search spans all books or scopes to one, with direct links to individual paragraphs, and include tags let you embed one page's content inside another so shared blocks update everywhere at once. Every edit creates a diffable, revertible revision. Page templates standardize recurring formats, tags add cross-cutting categorization, and built-in diagrams.net integration draws architecture diagrams in place. Authentication covers email/password plus OIDC, SAML2, LDAP, and social login; a full role and permission system locks content down per shelf, book, or page. Pages and books export to PDF, HTML, plain text, and Markdown, a REST API automates content, and the whole thing runs happily on the cheapest VPS you can find.