Wizarr
Getting non-technical friends and family onto a media server is its most tedious chore - Wizarr solves it. Instead of manually creating accounts, dictating server addresses, and explaining which app to install, you send one invite link. When the recipient clicks it, Wizarr creates their account on your server automatically - Plex, Jellyfin, Emby, Audiobookshelf, Komga, Kavita, and Romm are all supported - then walks them through a mobile-first, app-like onboarding wizard: download the right client, sign in, and learn how to request movies through your Overseerr or Ombi instance, with an optional Discord server invite along the way. Invitations are genuinely manageable: set expiration dates, usage limits, passphrases, library-scoped access tiers, and time-limited memberships that end access automatically. The wizard itself is fully customizable - Markdown-based steps managed from the admin UI, organized into pre-invite and post-invite phases (terms of service before joining, app setup after), reorderable bundles assignable to specific invitation types, and combined flows for invites spanning multiple servers. Multi-server and multi-admin support manages several backends from one dashboard, SSO support is plug-and-play, and a REST API with OpenAPI/Swagger documentation covers automation. A Flask/HTMX app in a single Docker container.
Kanboard
"Less is more" is Kanboard's stated philosophy, and the free, MIT-licensed PHP application lives it: drag tasks between customizable columns, enforce work-in-progress limits per column, and slice boards horizontally with swimlanes for releases, teams, or priorities. Tasks carry what matters - colors, categories, subtasks with time estimates, Markdown descriptions, comments, attachments, internal links, and due dates - and move or duplicate across projects in one click. A concise query language filters any board dynamically (assignee, category, due date, description), and saved filters become custom views. The automatic-actions engine kills repetitive triage: on events like column moves or task creation, Kanboard reassigns, recolors, recategorizes, or closes tasks by rule. Around the board sit a calendar, per-project analytics (cumulative flow, lead and cycle time), Gantt view, and time tracking. Authentication spans LDAP/Active Directory, Google, GitHub, GitLab, and reverse-proxy headers; a JSON-RPC API, webhooks for creating tasks from external systems, and a CLI cover integration. A large community plugin catalog adds what core deliberately omits. With no external dependencies, it runs happily on anything from a Raspberry Pi up - translated into 30+ languages.
Apprise-API
One REST call, 130+ notification services: Apprise API wraps the well-known Apprise library in a lightweight Django/Gunicorn microservice, so "send an alert" works the same whether it goes to Slack, Discord, Telegram, Teams, email, SMS, Pushover, or PagerDuty - each addressed by a simple URL scheme. It solves the credential-sprawl problem cleanly: instead of embedding provider tokens in every app, cron job, and CI pipeline, you centralize them here and everything else just POSTs a body and title. Two modes cover every workflow. Stateless calls to /notify carry target URLs in the payload (or fall back to a default set via APPRISE_STATELESS_URLS); stateful mode stores named configurations server-side under keys, so /notify/{KEY} fans out to everything registered - with tag-based routing (comma for OR, space for AND) selecting which endpoints fire per message. Messages take info, success, warning, or failure types in text, Markdown, or HTML, with attachments up to a configurable size. A built-in web UI manages and tests configurations, APPRISE_CONFIG_LOCK makes the store read-only, service allow/deny lists restrict which schemes work, webhook remapping adapts third-party payloads, and a Prometheus /metrics endpoint watches the gateway itself.
Bazarr
Subtitles are the one chore Sonarr and Radarr leave behind - Bazarr finishes the *arr media stack by automating them. It connects to both via their APIs and mirrors their libraries - it doesn't scan disk itself, it manages exactly what your *arr apps index. For every monitored episode and movie it checks existing internal and external subtitles against your language profiles, then hunts missing ones across dozens of providers - OpenSubtitles.com, Podnapisi, Addic7ed, Subscene, and many regional sources - covering 184 subtitle languages including forced/foreign-dialogue tracks. Matching is smarter than filename guessing: releases are compared by release group and source, some providers support exact file-hash matching, and every downloaded subtitle gets a percentage score. Set a minimum score per Sonarr/Radarr connection and Bazarr rejects weak matches; enable upgrades and it replaces previously downloaded subtitles when better ones surface. Out-of-sync files get fixed too - automatic subtitle synchronization realigns timing after download, triggered only below a configurable score threshold so good subs aren't touched. Per-show and per-movie language configuration, download history, manual on-demand search, and adaptive searching that throttles provider API calls round it out, all behind a clean Sonarr-style web UI written in Python. If your library serves multilingual viewers, this removes the last manual step.
The Lounge
"Forget about bouncers" became a real sentence because of The Lounge: a Node.js web IRC client that holds persistent connections to your networks 24/7, logging everything while you sleep, so closing the browser tab never means missing a message or losing your place in a channel. Open it again from any device - desktop, phone, tablet - and you resume exactly where you left off, with full history synchronized. Because it combines bouncer and client in one process, the experience feels like a modern chat app rather than 1990s infrastructure: push notifications for highlights and private messages (with self-generated VAPID keys, so even Web Push needs no third-party service), automatic link previews, inline file and image uploads, and full IRCv3 protocol support. It installs as a progressive web app from any modern browser, so phones get a native-feel client without an app store. Multi-user support means one instance serves your whole team or community, each user with their own networks and history, and LDAP integration ties into existing authentication. A public mode alternatively serves as an open, registration-free web chat for events or support channels. MIT-licensed, born as a fork of Shout, and a fixture of self-hosting stacks since.
Lenpaste
Share code snippets, logs, configs, and notes without registration, tracking, or ads: Lenpaste is a minimal, self-hosted, anonymous alternative to pastebin.com. It is deliberately spartan in the right ways: no accounts, no JavaScript required (the entire site works in text browsers and hardened setups), and cookies used solely to store display preferences. Pastes support syntax highlighting across a long list of languages (from ApacheConf and Arduino to mainstream stacks), configurable expiration from minutes to unlimited, one-use "burn after reading" pastes that self-delete on first view, optional author attribution, and iframe embedding for dropping pastes into other pages. The form-encoded HTTP API covers everything the UI does - create pastes with title, syntax, expiration, and line-ending normalization, fetch them by ID, and query server capabilities - making it trivial to pipe command output to your paste server from shell scripts. Server operators control maximum title and body lengths, maximum paste lifetime, rate limits for viewing and creation, search-engine indexing policy, and can lock private instances behind HTTP Basic authentication. It deploys as a single lightweight Docker container, giving your team a snippet-sharing endpoint where the content never touches a third-party service.
Motor Admin
Stop building internal tools and ship your actual product - Motor Admin exists for exactly that. Point this Ruby/Vue application at a PostgreSQL, MySQL, MariaDB, or SQL Server database and it generates a complete CRUD admin panel from your schema in under a minute - search, filters, create, update, delete, all through a polished UI, with every customization done through in-app settings rather than a DSL or boilerplate code. What elevates it beyond CRUD generators is the business-intelligence half: write SQL queries (with variables) and render results as tables, numbers, line/bar/ pie charts, funnels, or markdown; organize reports into shared dashboards; and attach queries and dashboards directly to resource pages as tabs, so an order record shows its revenue history in place. Operations beyond CRUD are covered by custom actions and a WYSIWYG forms builder that posts to your existing REST or GraphQL APIs - send a refund, trigger an email, whatever your backend exposes. Email alerts deliver scheduled reports, Slack sends personalized report alerts, and intelligence search spans all resources. Governance is included: role-based permissions with row- and column-level control (CanCanCan), an audit log of admin activity, multiple database connections, and configuration sync between staging and production. Mobile-optimized, AGPL-licensed, also available as a Rails engine.
Thumbor
Born at Brazilian media giant Globo.com, Thumbor answers imaging CDNs like Imgix and Cloudinary with an HTTP service where every image variant is just a URL. Ask for /300x200/smart/your-image.jpg and Thumbor fetches the original, crops and resizes on demand, and caches the result - one source file, unlimited renditions, no batch pre-generation pipeline. The "smart" in the URL is the signature feature: OpenCV-based face detection finds people in the frame and crops around them (no more thumbnails with severed heads), and when no faces exist, feature detection finds visually important corners and computes a weighted center of mass as the focal point. Beyond cropping, a chainable filter pipeline handles brightness, contrast, grayscale, blur, red-eye removal, rounded corners, rotation, watermarks, and format conversion with quality control - applied in order via URL segments. All common image formats work out of the box, and every layer is pluggable: loaders (HTTP, local, S3), storages and result storages (local, S3, Ceph, and community backends), engines, optimizers, filters, and even custom detectors, with the awesome-thumbor list cataloging the ecosystem. URL signing prevents abuse of your processing capacity. Integrations exist for Django, Rails, Node, WordPress, and most frameworks. MIT-licensed, battle- tested for over a decade.
CodeX Docs
Writing docs should feel like editing a modern document, not wrangling Markdown files - CodeX Docs delivers that on Editor.js, the block-styled editor its CodeX team builds and thousands of products use. Content is composed from clean blocks (headings, lists, code, images, embeds) with a UI that reads well on both desktop and mobile, and pages render statically with human-readable, SEO-friendly URLs. Structure is free-form: pages nest to any depth, so a flat FAQ and a deep product manual coexist in one instance, and the UI tunes to fit - collapse sections, hide the sidebar. The operational footprint is deliberately tiny. No database is required: the default driver persists to a local folder, with MongoDB available when you want it, and the whole app configures through one YAML file (overridable with APP_CONFIG_ environment variables) covering title, start page, auth password, and JWT secret. Editing mode sits behind password authentication. Thoughtful extras are wired in: readers can report misprints straight to your Telegram or Slack, Hawk error tracking catches frontend and backend exceptions, and Yandex Metrica analytics is a one-line config. A ready-made Helm chart covers Kubernetes. Written in TypeScript.
Verdaccio
Private npm packages without shipping code to the public registry or paying for npm Enterprise: Verdaccio is the standard lightweight, zero-config private registry and caching proxy. It runs as a single Node.js process with its own tiny embedded database; no external database is required to start. Point npm, yarn, or pnpm at it and everything behaves as expected: install, publish, unpublish, dist-tags, and deprecation all work against the standard npm endpoints. The uplink system is where it earns its keep: packages not found locally are fetched from configured upstreams (npmjs.org, yarn, JFrog, Nexus, or another Verdaccio), cached as tarballs, and served locally thereafter - cutting CI latency and surviving registry outages. Multiple uplinks chain for failover, and per-package glob patterns in config.yaml route scopes to specific upstreams while controlling access, publish, and unpublish rights per group. You can even override a public package by publishing a patched version under the same name locally. A plugin architecture swaps in auth backends (htpasswd default, LDAP and others available), storage drivers (S3, Google Cloud Storage), middleware routes, and metadata filters. With official Docker images and a Kubernetes Helm chart, it slots into any pipeline in minutes.
mCaptcha
The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.
Owncast
Twitch and YouTube Live, replaced by infrastructure you control: Owncast is a self-hosted live streaming and chat server. Point OBS, Streamlabs, or any RTMP-capable broadcaster at the server's ingest port, and Owncast transcodes the feed with FFmpeg into HLS with multiple quality variants, playing it in a built-in web page with a real-time chat beside it. Chat supports anonymous participation, custom emotes, and moderation tools - message removal, user bans and suspensions - with optional authentication via IndieAuth or a Fediverse account. ActivityPub integration puts the stream on the Fediverse: viewers on Mastodon and compatible services can follow a channel and get notified the moment it goes live. Video delivery can come straight off the server or offload HLS segments to S3-compatible object storage so a modest VPS handles thousands of concurrent viewers while only managing ingest and chat. The backend is a single Go binary with a React frontend - no accounts platform, no database server, no dependency stack - and the player embeds in any website. MIT-licensed, with roughly 9k GitHub stars, zero platform fees, and no algorithm or takedown policy between you and your audience.
Redmine
Nearly two decades running engineering organizations: Redmine is the veteran open-source project management and issue tracker, a Ruby on Rails application (GPLv2) still in active development. Its core strength is configurability: define your own trackers (bug, feature, task, or anything else), issue statuses, and role-based workflows that control exactly which transitions each role may perform, then extend records with custom fields of every type. Issues support subtasks, relations (blocks, precedes, duplicates), watchers, categories, and full journaled history, with saved custom queries and cross-project filtering for slicing the backlog any way you need. Around the tracker sit Gantt charts and calendars, a roadmap driven by versions, per-project wikis, forums, news, and document repositories, plus time tracking with estimated versus spent hours and activity-based reporting. Multi-project support runs deep - subprojects, per-project modules, and granular role-based permissions - and repository integration (Git, Subversion, Mercurial) links commits to issues automatically. Email notifications, inbound email-to-issue creation, LDAP authentication, a REST API, and a large plugin and theme ecosystem round it out. Recent 6.x releases brought substantial query and rendering optimizations. Self-hosting keeps your entire project history in your own database, free of per-seat licensing.
Ackee
Page views, referrers, browsers, and screen sizes - Ackee delivers the analytics developers actually check, from a deliberately minimal Node.js and MongoDB stack that skips both Matomo's weight and Google Analytics' cloud dependency. Its defining constraint is anonymization: no cookies, no unique user tracking, and a multi-step anonymization process that keeps visitors unidentifiable while the aggregate numbers stay useful. In its default anonymous mode Ackee collects no personally identifiable information at all, which means GDPR and CCPA compliance out of the box and no cookie consent banner on your sites. A detailed mode adds screen size, language, and per-visit referrers - still without cookies or fingerprinting. Integration mirrors the Google Analytics pattern: create a domain in settings, drop the generated ackee-tracker snippet into your pages, and data appears in a clean single-page dashboard. One instance tracks multiple domains, and custom events capture button clicks, signups, and conversions. The distinctive engineering choice is the fully documented GraphQL API: everything the dashboard shows comes from that API, so you can query active visitors, average duration, and view statistics programmatically, feed data in from apps and services beyond websites, or build an entirely custom interface on top. If you want bare-minimum analytics with a real API and zero privacy anxiety, this is the tool.
Nanote
100% portability is Nanote's one non-negotiable principle as a self-hosted note-taking app. There is no database - notebooks are plain folders and notes are plain Markdown files on your filesystem, so the same notes remain fully manageable from a terminal, Notepad, or any other editor, and walking away from Nanote costs nothing because your data was never in a proprietary format to begin with. Built with Nuxt and TypeScript around the Milkdown editor, it layers modern conveniences on that plain-file foundation: fast content search across all notes using OS-optimized tooling (ugrep), native Markdown rendering, image and file attachments, and a mobile-friendly layout for reading and editing on a phone. Clever remark directives make plain text interactive - typing ::file inserts an inline upload picker, while ::today, ::now, and ::tomorrow expand to live dates and times. A fully typed REST API with validation covers automation, and access is protected by a configurable secret key. Deployment is one container with three env vars: paths for notes, uploads, and config, all bind-mountable so your Markdown lives wherever you want it - including inside an existing sync setup. AGPL-licensed and actively daily-driven by its author.
Cockpit
Built by an agency in 2011 and refined by real client work since, Cockpit is a headless CMS whose pragmatism is earned. It's a pure content backend: model your data, let editors manage it, and fetch it over REST or GraphQL from any frontend - React, Vue, Flutter, a static site generator, or an IoT dashboard. Content modeling covers three shapes: Collections for repeatable items (posts, products, events), Singletons for one-off content (settings, about pages), and Trees for hierarchies (navigation, categories), all assembled from 20+ field types including relationships. The API layer is unusually capable: MongoDB-style query filtering, field selection to trim payloads, automatic image optimization through the assets API, and built-in caching. Localization is first-class with per-field multi-language content and fallback support; user management includes roles, granular permissions, two-factor authentication, and API tokens; and webhooks push changes into external workflows. Agencies get multi-tenant Spaces - several sites or clients from one installation. The operational footprint is refreshingly small: PHP plus either SQLite or MongoDB, no build steps, no toolchain, extensible through hooks, events, and addons (pages/SEO, forms, full-text search, layout components). Where enterprise headless platforms bill per seat and per locale, Cockpit is MIT-licensed and simply yours.
Statping-ng
A status page and uptime monitor in one Go binary: Statping-ng - the actively maintained fork of Statping - replaces the UptimeRobot-plus-Statuspage combo with a ~20 MB Docker image using under 50 MB of RAM. It checks services over HTTP, TCP, UDP, ICMP ping, and gRPC health checks on configurable intervals, with per-service timeouts, expected status codes, POST requests with custom JSON bodies, SSL verification, and failure thresholds before alerting. The public status page is the differentiator against plain monitors: visitors see live status, uptime percentages, and latency charts grouped into service categories, with incident announcements and scheduled-maintenance messages you publish from the dashboard - and Sass-based custom styling matches the page to your brand rather than a vendor template. When something fails, notifiers fire immediately: Slack, Discord, Telegram, SMTP email, PagerDuty, Twilio SMS, Pushover, and custom webhooks, each testable before saving. Because notifiers are single Go files, the plugin system makes new channels straightforward. A RESTful API manages services and reads uptime data programmatically, and the free Statping mobile app connects to your server via QR code for on-the-go monitoring. Data persists to SQLite, MySQL, or PostgreSQL. Point it at internal services too - anything the container can reach is monitorable.
Muse
"A highly-opinionated midwestern self-hosted Discord music bot that doesn't suck," per its own README - Muse is built for servers the size of you, your friends, and your friends' friends. It exists because the big public music bots kept getting shut down or paywalled, and self-hosting yours means nobody can take it away. Written in TypeScript on discord.js, it joins voice channels and plays audio resolved from YouTube via yt-dlp, and given optional Spotify API credentials it auto-converts Spotify tracks, albums, artists, and entire playlists to playable equivalents. The playback details show real care: seeking within songs and videos, livestream support, local caching so repeated plays start instantly, volume normalization across tracks, and configurable volume controls including optional ducking that lowers music when people speak. SponsorBlock integration can skip non-music segments automatically. Users save favorite queries as reusable shortcuts, and one Muse instance serves multiple guilds simultaneously - one deployment for all your communities. Configuration is three environment variables (Discord token, YouTube API key, optional Spotify pair) and the personality is free: there is no vote-to-skip, because "this is anarchy, not a democracy," and the bot remains a loyal Green Bay Packers fan. MIT-licensed and easily extendable.