243 applications
Cockpit screenshot thumbnail

Cockpit

Built by an agency in 2011 and refined by real client work since, Cockpit is a headless CMS whose pragmatism is earned. It's a pure content backend: model your data, let editors manage it, and fetch it over REST or GraphQL from any frontend - React, Vue, Flutter, a static site generator, or an IoT dashboard. Content modeling covers three shapes: Collections for repeatable items (posts, products, events), Singletons for one-off content (settings, about pages), and Trees for hierarchies (navigation, categories), all assembled from 20+ field types including relationships. The API layer is unusually capable: MongoDB-style query filtering, field selection to trim payloads, automatic image optimization through the assets API, and built-in caching. Localization is first-class with per-field multi-language content and fallback support; user management includes roles, granular permissions, two-factor authentication, and API tokens; and webhooks push changes into external workflows. Agencies get multi-tenant Spaces - several sites or clients from one installation. The operational footprint is refreshingly small: PHP plus either SQLite or MongoDB, no build steps, no toolchain, extensible through hooks, events, and addons (pages/SEO, forms, full-text search, layout components). Where enterprise headless platforms bill per seat and per locale, Cockpit is MIT-licensed and simply yours.

Deploy
Muse screenshot thumbnail

Muse

"A highly-opinionated midwestern self-hosted Discord music bot that doesn't suck," per its own README - Muse is built for servers the size of you, your friends, and your friends' friends. It exists because the big public music bots kept getting shut down or paywalled, and self-hosting yours means nobody can take it away. Written in TypeScript on discord.js, it joins voice channels and plays audio resolved from YouTube via yt-dlp, and given optional Spotify API credentials it auto-converts Spotify tracks, albums, artists, and entire playlists to playable equivalents. The playback details show real care: seeking within songs and videos, livestream support, local caching so repeated plays start instantly, volume normalization across tracks, and configurable volume controls including optional ducking that lowers music when people speak. SponsorBlock integration can skip non-music segments automatically. Users save favorite queries as reusable shortcuts, and one Muse instance serves multiple guilds simultaneously - one deployment for all your communities. Configuration is three environment variables (Discord token, YouTube API key, optional Spotify pair) and the personality is free: there is no vote-to-skip, because "this is anarchy, not a democracy," and the bot remains a loyal Green Bay Packers fan. MIT-licensed and easily extendable.

Deploy
Passbolt screenshot thumbnail

Passbolt

Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.

Deploy
GoToSocial screenshot thumbnail

GoToSocial

Mastodon serves single-user and small-community instances poorly; GoToSocial, an ActivityPub server written in Go, was built precisely for them. Where Mastodon demands Ruby, PostgreSQL, Redis, and Sidekiq, GoToSocial is one binary using roughly 250-350 MiB of RAM with SQLite as the default database (PostgreSQL optional) - it runs comfortably on a $5 VPS or a repurposed laptop. The deliberate design choice is having no built-in web client: the server exposes profile pages, a settings panel, and a faithful implementation of the Mastodon API, and you post through the client app you already like - Tusky on Android, Feditext on iOS, Pinafore or Phanpy in the browser. Federation is the point: your instance follows, boosts, and replies across Mastodon, Misskey, Pixelfed, and the rest of the Fediverse, with your identity anchored to your own domain. Safety is a stated focus, with granular per-post visibility and interaction controls, content warnings, custom emoji, hashtag following, domain allow/blocklists, and OIDC login support. Built-in Let's Encrypt provisioning simplifies the mandatory TLS. AGPL-3.0 licensed and in active beta, federating cleanly with the ecosystem's major servers.

Deploy
EspoCRM screenshot thumbnail

EspoCRM

Teams tired of paying Salesforce or HubSpot per seat run EspoCRM: an AGPL-licensed PHP application with a fast single-page frontend over a REST API, covering sales, support, and marketing in one uncluttered interface. The sales core is complete - leads, contacts, accounts, opportunities with customizable pipeline stages, kanban views, calendars, meetings, and calls. Email is deeply integrated rather than bolted on: IMAP sync links messages to CRM records automatically, and mass email campaigns run with reusable templates, tracking, and Web-to-Lead forms feeding the funnel. Support teams get case management and a customer portal where clients track their own tickets and access a knowledge base. The real differentiator is the Entity Manager: create custom entities, fields, relationships, and layouts from the admin UI without code, with dynamic logic showing or hiding fields conditionally - EspoCRM is as much a business-application platform as a CRM. Formula scripting handles calculated fields and record automation in the free core; the optional Advanced Pack adds visual BPM process design and workflow rules. Role-based permissions with team and territory scoping, full-text search, reports, and a straightforward REST API for n8n or custom integrations round it out. Runs on PHP 8.3+ with MySQL, MariaDB, or PostgreSQL - unlimited users, zero per-seat fees.

Deploy
Fireshare screenshot thumbnail

Fireshare

The moment after ShadowPlay saves a great clip is what Fireshare was built for: your friends see it now, not after a YouTube upload, processing queue, and platform terms review. Drop videos into a watched folder and this Flask/React application generates a unique shareable URL for each one, complete with Open Graph metadata - so pasting the link into Discord, Twitter, or Slack produces a proper embed with title, description, and video thumbnail instead of a raw URL. Viewers need no account and no app. Visibility is per-file: public (browseable on your feed), private (unlisted, reachable only by direct link), or password protected. For game clips specifically, Fireshare organizes automatically - clips sort by game with cover art pulled from SteamGridDB, no manual tagging - while tags and full-library search cover everything else. Optional transcoding (CPU or GPU) creates lower-quality renditions so viewers on weak connections get automatic quality adaptation, and video cropping trims clips in place. The extras round out a genuinely finished tool: view counters, timestamped share links, a shuffle button, restrictable uploads, Discord notifications for new videos, an RSS feed of the public feed, mobile support, and LDAP for multi-user setups. No storage limits, no watermarks, no platform deciding what stays up. GPL-licensed.

Deploy
Heimdall screenshot thumbnail

Heimdall

Links stop drowning in browser bookmarks once Heimdall - the application dashboard from the LinuxServer.io team - gives every web app and service you run a single, organized front door. Items come in three tiers. Generic items link to anything on the web with a name, color, and optional icon. Foundation apps are recognized as you type, auto-filling the application's icon and tile color so a full homelab dashboard assembles in minutes. Enhanced apps go further: supply API credentials and the tile shows live data - queue size and download speed for SABnzbd and NZBGet, plus integrations for Sonarr, Radarr, Plex, Jellyfin, Pi-hole, Portainer, Transmission, and many more. There are no iframes and no apps-within-apps; tiles are honest links with real-time stats layered on. Tiles arrange by drag and drop, backgrounds are customizable, an optional search bar (Google, Bing, or DuckDuckGo) makes it work as a browser start page, and optional multi-user authentication keeps dashboards personal. Built on Laravel with SQLite file-based storage - no external database - it stays light, responsive on mobile, and simple to back up. A natural first deployment: the page that ties every other self-hosted service together.

Deploy
Papercups screenshot thumbnail

Papercups

Companies with privacy and security concerns about piping customer conversations through Intercom or Zendesk run Papercups - open-source live customer chat. The stack is a deliberate strength: an Elixir/Phoenix API over PostgreSQL, with real-time messaging powered by Phoenix Channels and Presence - the same BEAM foundation trusted by Discord and PagerDuty for fault-tolerant, low-latency messaging. Customers see a customizable chat widget that embeds in any site as an HTML snippet, a React component, or even inside React Native apps, with configurable colors, greetings, and away messages. Your team sees a dashboard for managing conversations - close, assign, and prioritize - with Markdown and emoji in replies. The killer workflow is the reply-channel integration: connect Slack or Mattermost and every customer conversation becomes a synced thread your team answers without leaving the tool they already live in, with two-way message syncing handled by webhooks. Email and SMS channels extend intake beyond the widget, an analytics dashboard tracks communication patterns, and the Storytime feature adds real-time screen sharing to watch users navigate while you help them. A documented API supports fully custom chat UIs in Svelte, Flutter, or Vue. MIT-licensed and GDPR-conscious - customer data stays in your PostgreSQL.

Deploy
Isso screenshot thumbnail

Isso

Named from the German "Ich schrei sonst" - roughly "or I'll scream" - Isso is a lightweight Python/JavaScript commenting server, a drop-in Disqus replacement for people who noticed what Disqus does to reader privacy and page load times. The design premise is printed right in the docs: comments are not Big Data. So the backend is a single SQLite file rather than a database cluster, and the entire client is one embeddable JavaScript file - 65 kB, 20 kB gzipped - that you drop into any static site, blog, or CMS. Commenters write in Markdown, need no account, and can edit or delete their own comments within a configurable window (15 minutes by default). Spam control comes from an optional moderation queue: held comments stay invisible until you activate them via an admin interface or email notification links. Migration is a first-class feature, with importers for Disqus and WordPress exports, so years of existing threads move over intact. Because everything is server-rendered from your own instance, no third party tracks your readers, and real-world switchers report smaller pages and faster loads than the Disqus embed. MIT-licensed, running since 2012.

Deploy
mCaptcha screenshot thumbnail

mCaptcha

The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.

Deploy
Keeper screenshot thumbnail

Keeper

Work, personal, business, and school calendars at different providers double-book because no one system sees your real availability - Keeper solves that multi-calendar collision problem. Its pull-compare-push sync engine aggregates events from Google Calendar, Outlook/Office 365, iCloud, FastMail, any CalDAV server, or read-only iCal/ICS feeds, and pushes blocking events to one or many destination calendars so time slots align everywhere. The design is deliberately content-agnostic - it syncs timeslots, not titles or descriptions, so a personal appointment shows as busy time on your work calendar without leaking details. Sync logic is clean: events Keeper creates carry a traceable UID suffix, deletions propagate, and orphaned entries are purged automatically. A token-authenticated aggregated iCal feed combines selected calendars into one subscribable URL for Apple Calendar or Thunderbird. An optional MCP server gives AI agents read-only calendar access over OAuth 2.1 - list calendars and query events by date range, with no write capability. Built with Next.js and Bun under AGPL-3.0, the standalone Docker image bundles web, API, cron, worker, Redis, and PostgreSQL in one container, and self-hosting unlocks every Pro feature - unlimited calendars and one-minute sync intervals - for free.

Deploy
Peppermint screenshot thumbnail

Peppermint

A deliberately simple ticketing system standing in for both Zendesk and Jira: Peppermint handles internal staff requests and external customer support alike. The stack is modern full-stack TypeScript: Next.js and React over Prisma and PostgreSQL, which makes it light to run and approachable for developers extending it. Ticket creation is straightforward - a markdown editor with file uploads, assignment, status tracking, and a logical workflow that new agents grasp without a manual. Mailbox integration converts email into tickets automatically: configure SMTP/IMAP per mailbox and incoming messages become trackable tickets. Each client accumulates an interaction history, giving agents context on every past request before replying. Two touches distinguish it from bare-bones ticketing: a built-in markdown notebook with todo lists for internal documentation and knowledge sharing, and OIDC authentication so agents sign in through your existing identity provider - Keycloak, Okta, Authentik, or Azure AD. Configurable webhooks and email notifications push ticket events to third-party services. The UI is responsive from mobile to 4K, and everything works fully offline in air-gapped environments. Docker-native and scalable via Kubernetes, with an active community of 3,000+ GitHub stargazers.

Deploy
Etherpad screenshot thumbnail

Etherpad

In continuous open-source development since 2009, Etherpad is the original really-real-time collaborative editor - used by Wikimedia, governments, EU public-sector institutions, and tens of thousands of self-hosters. Its core idea is visible authorship: every keystroke is attributed with author colors, every revision preserved, and the timeslider lets you scrub through a document's entire history character by character. Multiple people type into the same pad and see each other's changes instantly - it scales to thousands of simultaneous editors per pad. The base install is deliberately lightweight; capability comes from roughly 290 plugins installable from the admin web UI: comments, images, tables, drawing, video chat via WebRTC, math rendering, code highlighting, and authentication via OAuth, LDAP, or OpenID. AI is pointedly a plugin, not a default - you choose the model and infrastructure, or never turn it on. There is no telemetry. For integrators, an HTTP API (with OpenAPI definitions at /api/openapi.json) manages pads, users, and groups for embedding in your own applications, and the ueberDB abstraction layer supports PostgreSQL, MySQL, Redis, MongoDB, and SQLite backends. Full data export is built in, the format is open, it is translated into 105 languages, and it runs on anything from a Raspberry Pi to a server farm. Apache 2.0 licensed, Node.js based.

Deploy
Octobox screenshot thumbnail

Octobox

What Gmail did for email, Octobox does for GitHub notifications: an ephemeral, unmanageable stream becomes an inbox you can actually triage. GitHub marks notifications read the moment you glance at them and lets old ones vanish days later; heavy maintainers end up building elaborate Gmail filter systems just to cope. Octobox - a Ruby on Rails app over PostgreSQL - syncs your notifications into a persistent inbox with an explicit archived state: mark a thread done, and if the issue or PR sees new activity, it pops back automatically, so nothing silently falls through. Triage is keyboard-driven with Gmail-style shortcuts (j/k to navigate, e to archive, m to mute, s to star), and multi-select clears noisy repositories in bulk. Filtering is where it earns its keep: slice by repository, organization, type, action, state, reason, CI status, labels, author, assignee, or bot origin, combine prefix search filters, and pin favorite searches to the sidebar. The optional GitHub App enriches entries with live PR/CI status and labels so you can decide without clicking through. Auto-archive rules clear merged PRs and closed issues; muting and snoozing silence the rest. A REST API supports integrations. Self-hosting keeps your notification metadata - a map of everything you work on - on your own server.

Deploy
Cusdis screenshot thumbnail

Cusdis

Comments for small sites without Disqus's baggage: Cusdis is a lightweight, privacy-first, open-source comment system for embedding under blog posts and articles. The embedded JavaScript SDK is about 5 KB gzipped (Disqus is roughly 24 KB), sets no cookies, runs no tracking, and does not require readers to create an account or sign in before commenting. Integration is two lines: a container div with your app ID and an async script tag, with ready-made adapters for common frameworks and static site generators. Moderation is approval-based - new comments stay hidden until you approve them from the dashboard, and email notifications include a Quick Approve link that approves or replies to a comment from your phone without logging in. A webhook fires on every new comment for integrations like Telegram notifications. The widget ships with built-in i18n and dark mode. The stack is TypeScript and Next.js with a Prisma data layer, deployable via Docker with PostgreSQL. Deliberately minimalist: no ads, no reader profiling, and your comment data lives in your own database.

Deploy
WBO screenshot thumbnail

WBO

A Node.js server, a large shared canvas, and a URL - WBO (Whiteboard Ophir) is collaborative whiteboarding reduced to its essence. There are no accounts and no setup - to collaborate, you send someone the board's link, and every stroke appears for all connected users in real time over WebSockets, with cursor positions shared so you can see where collaborators are working. Board state persists automatically and continuously, so a diagram drawn in today's lesson is still there next week at the same URL. Boards come in three flavors: a public free-for-all, private boards with random unguessable names, and named boards with custom URLs shared by anyone who knows the name. The tools cover teaching and brainstorming needs - pencil, straight lines, rectangles, ellipses, text annotations, eraser, a full color palette with brush sizes - and boards export as SVG or PNG. Despite the simplicity, the server is production-minded: JWT authentication gates board access with granular capabilities (open, edit, and clear as separate permissions), rate limiting caps per-client message volume, reverse-proxy and subpath deployment are supported, and OpenTelemetry provides metrics, logs, and traces. It works on tablets and touch devices, speaks multiple languages, and consumes minimal resources. AGPL-licensed.

Deploy
PsiTransfer screenshot thumbnail

PsiTransfer

Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.

Deploy
Freescout screenshot thumbnail

Freescout

Unlimited agents, unlimited tickets, unlimited mailboxes, forever, on a $4 VPS - FreeScout's pricing inversion is why it became the most popular self-hosted Help Scout alternative, a PHP/Laravel help desk and shared inbox developed from scratch over eight years. The inbox deliberately behaves like Gmail or Outlook, so new support agents need close to zero training. The email-support core is genuinely complete: seamless IMAP/SMTP integration including modern Microsoft Exchange authentication, collision detection that warns when two agents open the same conversation, canned responses, auto-replies, internal notes, open tracking, starring, forwarding, merging, and moving conversations between mailboxes, phone-call logging, push notifications, and an auto-refreshing conversation list - plus screenshot pasting straight from the clipboard into replies. It's 100% mobile-friendly, fully screen-reader accessible, and translated into 28 languages. Beyond the core, an ecosystem of 100+ modules (mostly one-time $12-20 purchases) adds knowledge base, workflows with Gmail-filter-style automation rules, satisfaction ratings, time tracking, tags, custom fields, LDAP, Slack, WhatsApp and Telegram channels, and an API with webhooks - pay only for what your team needs. Web installer and updater included. AGPL-licensed.

Deploy