243 applications
Manager.io screenshot thumbnail

Manager.io

Full double-entry accounting on your own server: Manager.io Server Edition runs the same engine as the free desktop edition as a web server, so unlimited users work in unlimited businesses concurrently, with all books on infrastructure you control. The module coverage is genuinely comprehensive - general ledger with a customizable chart of accounts, sales and purchase invoices, quotes and orders, bank and cash account reconciliation, inventory with stock tracking, fixed assets with depreciation, payroll, multi-currency with exchange gains and losses, tax codes for VAT and GST regimes, and the complete reporting stack: balance sheet, profit and loss, trial balance, aged receivables and payables, and cash flow statements. The interface is translated into more than seventy languages, reflecting a genuinely global user base. The licensing model is the refreshing part: a server license is a one-time perpetual purchase, not a subscription - twelve months of updates included, optional renewals after, no per-user tiers, no data limits, and you can downgrade to the free desktop edition anytime, so your books are never hostage. Businesses wanting collaborative accounting behind their own firewall, with data sovereignty and no monthly fees, get exactly that.

Deploy
ExpenseOwl screenshot thumbnail

ExpenseOwl

Log a date, amount, and category; get a clean monthly pie chart and a cashflow strip showing income, expenses, and net balance - ExpenseOwl is expense tracking stripped to what actually matters. The MIT-licensed Go application deliberately is not a budgeting system - no envelopes, no accounts, no double-entry, no bank sync - because its author found tools like Firefly III and Actual too heavy for the simple question "where did this month's money go?" The dashboard makes that question fast: click a pie slice to exclude fixed costs like rent and see discretionary spending clearly, then drill into a chronological table view to inspect or delete individual transactions. Recurring transactions handle salaries and subscriptions automatically, optional tags add a second classification axis, and settings cover custom categories, currency symbol, and a configurable month start date for non-calendar pay cycles. CSV import migrates data from virtually any other tool, and CSV export keeps your data portable. It ships as a self-contained binary and multi-architecture Docker image with zero internet interaction, stores data in flat JSON files by default (PostgreSQL optional), and installs as a PWA on phones. Single-user by design; pair it with an authenticating reverse proxy if exposed publicly.

Deploy
Shaarli screenshot thumbnail

Shaarli

Personal, minimalist, database-free bookmarking - Shaarli is a philosophy as much as an app. Everything lives in a single compressed datastore file inside data/: no MySQL, no PostgreSQL, backup by copying one directory. That write-once/read-many file is usually served straight from OS disk caches, which is why a decade-old Shaarli instance with tens of thousands of links still responds instantly. Designed deliberately single-user, it saves URL, title, unlimited-length description, and tags (with autocomplete, renaming, and merging), marks entries public or private, and automatically strips utm_source and fb tracking parameters from saved URLs. That description field is why the community uses Shaarli as far more than bookmarks: a microblog, read-it-later queue, code-snippet base, pastebin, and shared clipboard between machines. Sharing is one click via bookmarklet or Android apps; consumption is per-tag RSS/Atom feeds plus a daily digest feed; search is full-text with tag filtering. A REST API opens it to any client, a plugin and theme system extends the PHP core (Markdown rendering, thumbnails), and import/export uses browser-standard Netscape HTML - your data enters and leaves freely. LDAP login is supported, no telemetry is sent anywhere, and the UI degrades gracefully without JavaScript. The anti-cloud Delicious.

Deploy
GoToSocial screenshot thumbnail

GoToSocial

Mastodon serves single-user and small-community instances poorly; GoToSocial, an ActivityPub server written in Go, was built precisely for them. Where Mastodon demands Ruby, PostgreSQL, Redis, and Sidekiq, GoToSocial is one binary using roughly 250-350 MiB of RAM with SQLite as the default database (PostgreSQL optional) - it runs comfortably on a $5 VPS or a repurposed laptop. The deliberate design choice is having no built-in web client: the server exposes profile pages, a settings panel, and a faithful implementation of the Mastodon API, and you post through the client app you already like - Tusky on Android, Feditext on iOS, Pinafore or Phanpy in the browser. Federation is the point: your instance follows, boosts, and replies across Mastodon, Misskey, Pixelfed, and the rest of the Fediverse, with your identity anchored to your own domain. Safety is a stated focus, with granular per-post visibility and interaction controls, content warnings, custom emoji, hashtag following, domain allow/blocklists, and OIDC login support. Built-in Let's Encrypt provisioning simplifies the mandatory TLS. AGPL-3.0 licensed and in active beta, federating cleanly with the ecosystem's major servers.

Deploy
PsiTransfer screenshot thumbnail

PsiTransfer

Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.

Deploy
Passbolt screenshot thumbnail

Passbolt

Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.

Deploy
Hastebin screenshot thumbnail

Hastebin

"Throw it on a haste and send the link" entered developer vocabulary because of Hastebin (haste-server), the minimalist open-source pastebin. Written in Node.js with three stated design goals - be really pretty, be really simple, be easy to set up - it does one job precisely: paste code, logs, stack traces, or config snippets, press save (or Ctrl+N for a new one), and get a short random-key URL to share. Syntax highlighting renders pastes readably across common languages, a raw view serves plain text for curl and scripts, and duplicate-and-edit makes iterating on a shared snippet trivial. The killer workflow is the terminal: with the haste-client utility or a one-line shell function, `cat error.log | haste` prints a shareable URL straight from stdout - the fastest route from a broken build to a colleague's eyeballs. Storage is pluggable through a simple adapter interface: filesystem by default, Redis with optional key expiration for pastes that should age out, and configurable key length, maximum paste size, and static documents. Self-hosting matters here because pastes often contain internal logs and stack traces that should never sit on a public pastebin - your instance keeps them inside your network, under your retention rules.

Deploy
mCaptcha screenshot thumbnail

mCaptcha

The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.

Deploy
Supertokens Core screenshot thumbnail

Supertokens Core

Authentication that lives inside your application rather than behind a redirect to an external identity provider - SuperTokens takes a fundamentally different architecture from Auth0 and AWS Cognito. Three tiers make that work - frontend SDKs (React, Angular, Vue, vanilla JS, React Native) render overridable login UI and manage tokens; backend SDKs (Node.js, Python, Go) expose auth endpoints on your own API domain; and SuperTokens Core, the piece you host here, is the stateless HTTP service handling core auth logic, password hashing, token signing, and database operations against PostgreSQL. The recipe system keeps features decoupled: use email/password, social login, passwordless (magic links, OTP), phone-password, multi-factor authentication (TOTP, WebAuthn), user roles, and microservice auth - individually or combined; you can even use SuperTokens purely for session management alongside another login provider. Sessions are where it shines: rotating refresh tokens with theft detection, automatic access-token refresh, CSRF protection, and secure cookie handling out of the box - the details that become vulnerabilities when hand-rolled. Verification happens locally in your backend via cached JWT signing keys, so the Core stays off the hot path. Self-hosted means no user limits, free forever, with all user data in your database. Apache-licensed.

Deploy
WBO screenshot thumbnail

WBO

A Node.js server, a large shared canvas, and a URL - WBO (Whiteboard Ophir) is collaborative whiteboarding reduced to its essence. There are no accounts and no setup - to collaborate, you send someone the board's link, and every stroke appears for all connected users in real time over WebSockets, with cursor positions shared so you can see where collaborators are working. Board state persists automatically and continuously, so a diagram drawn in today's lesson is still there next week at the same URL. Boards come in three flavors: a public free-for-all, private boards with random unguessable names, and named boards with custom URLs shared by anyone who knows the name. The tools cover teaching and brainstorming needs - pencil, straight lines, rectangles, ellipses, text annotations, eraser, a full color palette with brush sizes - and boards export as SVG or PNG. Despite the simplicity, the server is production-minded: JWT authentication gates board access with granular capabilities (open, edit, and clear as separate permissions), rate limiting caps per-client message volume, reverse-proxy and subpath deployment are supported, and OpenTelemetry provides metrics, logs, and traces. It works on tablets and touch devices, speaks multiple languages, and consumes minimal resources. AGPL-licensed.

Deploy
Upvote RSS screenshot thumbnail

Upvote RSS

The antidote to doomscrolling: Upvote RSS turns Reddit, Hacker News, Lemmy, Lobsters, PieFed, Mbin, and trending GitHub repositories into calm, filtered RSS feeds. The MIT-licensed PHP app's killer feature is intelligent filtering: beyond simple score thresholds, the "posts per day" filter analyzes a community's recent history and computes the score cutoff that yields your target volume - say, exactly three r/technology posts daily - while a percentage-based threshold mode stays consistent as communities grow. Feeds are rich, not bare links: parsed full-article content via Readability (with optional Readability.js, Mercury, or Browserless for JavaScript-heavy pages), embedded videos and image galleries, top-voted comments with pinned-moderator filtering, scores, reading-time estimates, and optional AI summaries through Ollama, OpenAI, Gemini, Anthropic, Mistral, DeepSeek, or any OpenAI-compatible endpoint - with automatic provider fallback. A web UI builds the feed URL interactively with live preview; paste the result into any RSS reader. Reddit support includes custom domains like old.reddit.com plus NSFW filtering and blurring. Caching via filesystem, Redis, or APCu keeps repeated fetches cheap and avoids re-running paid summarizations.

Deploy
Isso screenshot thumbnail

Isso

Named from the German "Ich schrei sonst" - roughly "or I'll scream" - Isso is a lightweight Python/JavaScript commenting server, a drop-in Disqus replacement for people who noticed what Disqus does to reader privacy and page load times. The design premise is printed right in the docs: comments are not Big Data. So the backend is a single SQLite file rather than a database cluster, and the entire client is one embeddable JavaScript file - 65 kB, 20 kB gzipped - that you drop into any static site, blog, or CMS. Commenters write in Markdown, need no account, and can edit or delete their own comments within a configurable window (15 minutes by default). Spam control comes from an optional moderation queue: held comments stay invisible until you activate them via an admin interface or email notification links. Migration is a first-class feature, with importers for Disqus and WordPress exports, so years of existing threads move over intact. Because everything is server-rendered from your own instance, no third party tracks your readers, and real-world switchers report smaller pages and faster loads than the Disqus embed. MIT-licensed, running since 2012.

Deploy
Hasura screenshot thumbnail

Hasura

A PostgreSQL database becomes a production-grade GraphQL API the moment Hasura GraphQL Engine points at it: track tables and relationships - existing schemas included - and full query, mutation, and subscription types appear with where, order_by, limit, offset, and on_conflict arguments, no resolvers or boilerplate written. Its Haskell core compiles GraphQL to efficient SQL, and any query becomes a real-time live query with a single keyword, powering dashboards and collaborative UIs over standard GraphQL subscriptions. Authorization is where Hasura earns its enterprise reputation: role-based access control with row- and column-level permission policies driven by session variables from JWTs, auth webhooks, or headers - each role effectively sees its own GraphQL schema containing only what it may touch, integrating cleanly with Auth0, Firebase, or homegrown auth. Event triggers fire webhooks on inserts, updates, and deletes for asynchronous business logic; Actions extend the schema with custom REST handlers; remote schema stitching merges external GraphQL services into one endpoint; and auto-generated REST endpoints serve clients that skip GraphQL. A browser console handles data modeling and API exploration, the CLI manages migrations and metadata as code, and deployment is a single stateless Docker container beside Postgres.

Deploy
Documize screenshot thumbnail

Documize

Enterprise documentation discipline without enterprise infrastructure: Documize Community is the Confluence alternative built on exactly that trade. The entire platform - Go backend, Ember.js frontend - compiles to a single executable binary for Linux, Windows, and macOS with zero runtime dependencies: no Elasticsearch, no Redis, no JVM. Point it at PostgreSQL, MySQL, MariaDB, Percona, or Microsoft SQL Server (rare in open source, decisive in Microsoft shops), and schema migrations run on launch with native full-text search on whichever engine you chose. Content organization rejects nested-folder sprawl for Spaces, categories, and labels, and the section-based composable editor mixes rich text, Markdown, code blocks, PDFs, diagrams, and embedded Jira or Trello content in one document, with reusable blocks and templates so teams start from standards rather than blank pages. It deliberately unifies internal team docs and customer-facing documentation in one system with granular space-, document-, and action-level permissions deciding who sees what. Where wikis stop, Documize continues: content approval workflows (draft, review, approve, publish), version management, lifecycle control, feedback capture, PDF export, analytics showing what gets read and ignored, activity streams, and audit logs. Keycloak, LDAP, and SSO integrate for enterprise auth. AGPL-licensed.

Deploy
Cusdis screenshot thumbnail

Cusdis

Comments for small sites without Disqus's baggage: Cusdis is a lightweight, privacy-first, open-source comment system for embedding under blog posts and articles. The embedded JavaScript SDK is about 5 KB gzipped (Disqus is roughly 24 KB), sets no cookies, runs no tracking, and does not require readers to create an account or sign in before commenting. Integration is two lines: a container div with your app ID and an async script tag, with ready-made adapters for common frameworks and static site generators. Moderation is approval-based - new comments stay hidden until you approve them from the dashboard, and email notifications include a Quick Approve link that approves or replies to a comment from your phone without logging in. A webhook fires on every new comment for integrations like Telegram notifications. The widget ships with built-in i18n and dark mode. The stack is TypeScript and Next.js with a Prisma data layer, deployable via Docker with PostgreSQL. Deliberately minimalist: no ads, no reader profiling, and your comment data lives in your own database.

Deploy
BeaverHabits screenshot thumbnail

BeaverHabits

No targets, no gamification spiral, no motivational nagging: Beaver Habit Tracker is a self-hosted habit tracker deliberately built without "Goals". The core loop is honest: add habits, check them off each day, watch streaks accumulate on a calendar view. Its design follows behavioral-science basics - make it obvious (visual streak cues), make it attractive (progress is the motivator), make it satisfying (tracking becomes its own reward). Beyond the daily checklist it supports per-day notes intelligently grouped per habit, periodic habits, habit categories and tags, drag-to-reorder (manual or automatic), dark mode, and detailed streak and frequency views. Data lives where you choose: a single SQLite database or flat JSON files on a mounted volume, with JSON export and import for full portability. A REST API opens automation - community integrations already cover Stream Deck buttons, Home Assistant triggers, and CalDAV. The Python app ships as one Docker container with no external dependencies; environment variables tune everything from first day of week and index-page columns to iOS standalone PWA mode, and single-user setups can bypass the login entirely with TRUSTED_LOCAL_EMAIL. BSD-3-Clause licensed with no commercial restrictions - a well-executed single-purpose tool whose mobile PWA works anywhere a browser does.

Deploy
Journiv screenshot thumbnail

Journiv

A Day One alternative that keeps your most personal writing on your own server: Journiv is journaling purpose-built for self-hosters. The FastAPI backend runs on SQLite by default with optional PostgreSQL, Redis, and Celery for background work, behind a clean, minimal web UI. Unlike general note-taking apps, it ships the features journaling actually needs: customizable moods and mood groups, activity tracking, goals with automated progress from logged activities, and daily writing prompts filterable by category and difficulty so a blank page never stalls you. Quick Log captures a moment in seconds and expands into a full entry later; "On This Day" resurfaces entries from past weeks, months, and years. Multiple journals separate work, gratitude, and personal writing, with tags and full-text search across everything, plus media uploads with automatic thumbnails and an Immich integration for linking photo-library memories. Analytics chart mood trends and writing patterns over time. Data portability is taken seriously: native import of Day One exports, JSON/Markdown/HTML export, and a standalone HTML viewer that opens your archive in any browser with no server running. OIDC single sign-on works with Authentik or Keycloak, and multi-arch images cover amd64 and arm64.

Deploy
Muse screenshot thumbnail

Muse

"A highly-opinionated midwestern self-hosted Discord music bot that doesn't suck," per its own README - Muse is built for servers the size of you, your friends, and your friends' friends. It exists because the big public music bots kept getting shut down or paywalled, and self-hosting yours means nobody can take it away. Written in TypeScript on discord.js, it joins voice channels and plays audio resolved from YouTube via yt-dlp, and given optional Spotify API credentials it auto-converts Spotify tracks, albums, artists, and entire playlists to playable equivalents. The playback details show real care: seeking within songs and videos, livestream support, local caching so repeated plays start instantly, volume normalization across tracks, and configurable volume controls including optional ducking that lowers music when people speak. SponsorBlock integration can skip non-music segments automatically. Users save favorite queries as reusable shortcuts, and one Muse instance serves multiple guilds simultaneously - one deployment for all your communities. Configuration is three environment variables (Discord token, YouTube API key, optional Spotify pair) and the personality is free: there is no vote-to-skip, because "this is anarchy, not a democracy," and the bot remains a loyal Green Bay Packers fan. MIT-licensed and easily extendable.

Deploy