Zipline
ShareX and file uploads, next generation: Zipline is a Node.js/React/PostgreSQL server that turns screenshot sharing and file hosting into something you run yourself instead of renting from Imgur or a paid image host. The core workflow is built around ShareX: generate an .sxcu config from your account settings, import it, and every screenshot or clipboard capture uploads to your domain with a short link copied automatically. Uploads accept any file type, organized with folders and tags, with token-protected uploading, optional password protection, view-limited auto-deletion, image compression, metadata stripping, automatic video thumbnails, and chunked/partial uploads for large files. File URLs come in configurable formats - UUIDs, dates, random alphanumerics, original names, even zero-width spaces. A built-in URL shortener adds vanity slugs, passwords, view caps, and custom domains. Discord embeds are first-class: customize OG metadata titles, descriptions, and colors so links unfurl exactly how you want, and fire fully customizable Discord or HTTP webhooks on each upload. Authentication is serious: OAuth2 (Discord, GitHub, Google, OIDC), TOTP two-factor, and passkeys, with invite-based registration and per-user quotas for shared instances. Storage targets local disk or any S3-compatible backend, a full REST API automates everything, and custom themes plus a PWA round out the experience.
Octobox
What Gmail did for email, Octobox does for GitHub notifications: an ephemeral, unmanageable stream becomes an inbox you can actually triage. GitHub marks notifications read the moment you glance at them and lets old ones vanish days later; heavy maintainers end up building elaborate Gmail filter systems just to cope. Octobox - a Ruby on Rails app over PostgreSQL - syncs your notifications into a persistent inbox with an explicit archived state: mark a thread done, and if the issue or PR sees new activity, it pops back automatically, so nothing silently falls through. Triage is keyboard-driven with Gmail-style shortcuts (j/k to navigate, e to archive, m to mute, s to star), and multi-select clears noisy repositories in bulk. Filtering is where it earns its keep: slice by repository, organization, type, action, state, reason, CI status, labels, author, assignee, or bot origin, combine prefix search filters, and pin favorite searches to the sidebar. The optional GitHub App enriches entries with live PR/CI status and labels so you can decide without clicking through. Auto-archive rules clear merged PRs and closed issues; muting and snoozing silence the rest. A REST API supports integrations. Self-hosting keeps your notification metadata - a map of everything you work on - on your own server.
GoToSocial
Mastodon serves single-user and small-community instances poorly; GoToSocial, an ActivityPub server written in Go, was built precisely for them. Where Mastodon demands Ruby, PostgreSQL, Redis, and Sidekiq, GoToSocial is one binary using roughly 250-350 MiB of RAM with SQLite as the default database (PostgreSQL optional) - it runs comfortably on a $5 VPS or a repurposed laptop. The deliberate design choice is having no built-in web client: the server exposes profile pages, a settings panel, and a faithful implementation of the Mastodon API, and you post through the client app you already like - Tusky on Android, Feditext on iOS, Pinafore or Phanpy in the browser. Federation is the point: your instance follows, boosts, and replies across Mastodon, Misskey, Pixelfed, and the rest of the Fediverse, with your identity anchored to your own domain. Safety is a stated focus, with granular per-post visibility and interaction controls, content warnings, custom emoji, hashtag following, domain allow/blocklists, and OIDC login support. Built-in Let's Encrypt provisioning simplifies the mandatory TLS. AGPL-3.0 licensed and in active beta, federating cleanly with the ecosystem's major servers.
Passbolt
Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.
Cockpit
Built by an agency in 2011 and refined by real client work since, Cockpit is a headless CMS whose pragmatism is earned. It's a pure content backend: model your data, let editors manage it, and fetch it over REST or GraphQL from any frontend - React, Vue, Flutter, a static site generator, or an IoT dashboard. Content modeling covers three shapes: Collections for repeatable items (posts, products, events), Singletons for one-off content (settings, about pages), and Trees for hierarchies (navigation, categories), all assembled from 20+ field types including relationships. The API layer is unusually capable: MongoDB-style query filtering, field selection to trim payloads, automatic image optimization through the assets API, and built-in caching. Localization is first-class with per-field multi-language content and fallback support; user management includes roles, granular permissions, two-factor authentication, and API tokens; and webhooks push changes into external workflows. Agencies get multi-tenant Spaces - several sites or clients from one installation. The operational footprint is refreshingly small: PHP plus either SQLite or MongoDB, no build steps, no toolchain, extensible through hooks, events, and addons (pages/SEO, forms, full-text search, layout components). Where enterprise headless platforms bill per seat and per locale, Cockpit is MIT-licensed and simply yours.
Chief-Onboarding
New hires fail from information overload and IT bottlenecks, not lack of goodwill - the observation behind ChiefOnboarding, a free, open-source employee onboarding platform (Django, Celery, PostgreSQL, Redis). Its answer is sequences - drag-and-drop timelines that drip-feed to-do items, resources, courses, forms, and badges to each new hire, triggered by dates or by completing a previous item, so nobody faces everything at once. Onboarding starts before day one: preboarding pages welcome hires early, and colleagues can leave personal messages that appear there. The account provisioning module creates the new hire's Slack, Google, Asana, and other accounts automatically on the scheduled day via a library of integrations plus custom webhooks - the IT ticket queue never gets involved. Everything works through two equivalent interfaces: a full web dashboard and a Slack bot, either usable standalone. Slack can even auto-create new hire accounts when someone joins the workspace and assign default sequences with zero manual action. Colleague tasks with comments and collaboration, a searchable people directory, scheduled introductions, and per-hire timezone awareness (no 3 a.m. notifications) round it out. No trackers, no phoning home - third-party credentials sit in encrypted fields on your server.
Flame
A server full of scattered services becomes one clean application hub under Flame - a self-hosted startpage where every bit of configuration happens in built-in GUI editors, never a config file. Applications and bookmarks are created, edited, and organized into categories directly in the browser, and favorites pin to the homescreen for one-click access. The integrated search bar filters your apps and bookmarks locally as you type, and prefix shortcuts (like /g for Google) route queries to any of 11 web search providers or custom ones you define, making Flame a genuine browser homepage rather than a static link wall. Docker integration is the standout for homelabs: mount the Docker socket, add flame.type, flame.name, and flame.url labels to containers, and new services appear on the dashboard automatically - Kubernetes Ingress annotations work the same way. A weather widget shows temperature, cloud coverage, and animated conditions for your coordinates, and password authentication protects settings and items. Appearance is deeply customizable with 15 built-in color themes, a custom theme builder, and full custom CSS support. The stack is Node.js with SQLite behind a React frontend - light, fast, and inspired by the minimalist SUI design.
Owncloud
The project that proved organizations could have Dropbox-style convenience with complete data ownership: ownCloud is the original open-source file sync and share platform - the codebase Nextcloud later forked from. This deployment runs the classic ownCloud Server (PHP over PostgreSQL or MariaDB, with Redis caching), the battle-tested edition trusted across enterprises, universities, and public institutions worldwide. The core loop: store files on your server, sync them via desktop clients for Windows, macOS, and Linux plus iOS and Android apps, and access everything through the web interface or standard WebDAV. Sharing is granular - internal users and groups, external recipients via public links with passwords and expiration dates, and federated sharing that connects separate ownCloud instances into one network. Security controls include file firewall rules, multi-factor authentication, encryption, and detailed audit-friendly lifecycle management with versioning and trash-bin recovery. An app marketplace extends the platform, and Web Office integrations bring collaborative document editing through Collabora Online, OnlyOffice, or Microsoft Office Online directly into your files. LDAP and Active Directory integration slots it into existing identity infrastructure. For teams that need a proven, self-hosted alternative to Dropbox or Google Drive - where compliance demands knowing exactly which disk your data sits on - ownCloud remains a foundational choice.
Apprise-API
One REST call, 130+ notification services: Apprise API wraps the well-known Apprise library in a lightweight Django/Gunicorn microservice, so "send an alert" works the same whether it goes to Slack, Discord, Telegram, Teams, email, SMS, Pushover, or PagerDuty - each addressed by a simple URL scheme. It solves the credential-sprawl problem cleanly: instead of embedding provider tokens in every app, cron job, and CI pipeline, you centralize them here and everything else just POSTs a body and title. Two modes cover every workflow. Stateless calls to /notify carry target URLs in the payload (or fall back to a default set via APPRISE_STATELESS_URLS); stateful mode stores named configurations server-side under keys, so /notify/{KEY} fans out to everything registered - with tag-based routing (comma for OR, space for AND) selecting which endpoints fire per message. Messages take info, success, warning, or failure types in text, Markdown, or HTML, with attachments up to a configurable size. A built-in web UI manages and tests configurations, APPRISE_CONFIG_LOCK makes the store read-only, service allow/deny lists restrict which schemes work, webhook remapping adapts third-party payloads, and a Prometheus /metrics endpoint watches the gateway itself.
CodeX Docs
Writing docs should feel like editing a modern document, not wrangling Markdown files - CodeX Docs delivers that on Editor.js, the block-styled editor its CodeX team builds and thousands of products use. Content is composed from clean blocks (headings, lists, code, images, embeds) with a UI that reads well on both desktop and mobile, and pages render statically with human-readable, SEO-friendly URLs. Structure is free-form: pages nest to any depth, so a flat FAQ and a deep product manual coexist in one instance, and the UI tunes to fit - collapse sections, hide the sidebar. The operational footprint is deliberately tiny. No database is required: the default driver persists to a local folder, with MongoDB available when you want it, and the whole app configures through one YAML file (overridable with APP_CONFIG_ environment variables) covering title, start page, auth password, and JWT secret. Editing mode sits behind password authentication. Thoughtful extras are wired in: readers can report misprints straight to your Telegram or Slack, Hawk error tracking catches frontend and backend exceptions, and Yandex Metrica analytics is a one-line config. A ready-made Helm chart covers Kubernetes. Written in TypeScript.
Documize
Enterprise documentation discipline without enterprise infrastructure: Documize Community is the Confluence alternative built on exactly that trade. The entire platform - Go backend, Ember.js frontend - compiles to a single executable binary for Linux, Windows, and macOS with zero runtime dependencies: no Elasticsearch, no Redis, no JVM. Point it at PostgreSQL, MySQL, MariaDB, Percona, or Microsoft SQL Server (rare in open source, decisive in Microsoft shops), and schema migrations run on launch with native full-text search on whichever engine you chose. Content organization rejects nested-folder sprawl for Spaces, categories, and labels, and the section-based composable editor mixes rich text, Markdown, code blocks, PDFs, diagrams, and embedded Jira or Trello content in one document, with reusable blocks and templates so teams start from standards rather than blank pages. It deliberately unifies internal team docs and customer-facing documentation in one system with granular space-, document-, and action-level permissions deciding who sees what. Where wikis stop, Documize continues: content approval workflows (draft, review, approve, publish), version management, lifecycle control, feedback capture, PDF export, analytics showing what gets read and ignored, activity streams, and audit logs. Keycloak, LDAP, and SSO integrate for enterprise auth. AGPL-licensed.
mCaptcha
The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.
Flatnotes
A web interface for a folder of Markdown files - Flatnotes is exactly that, and the discipline of that design is why people love it. Every note is a plain .md file in a single flat directory: no database, no proprietary format, no hierarchy to maintain, no export step if you ever leave. Edit notes in the browser or open the same files in VS Code or Obsidian, sync them with Syncthing or rsync while the app is running - the Whoosh-powered search index synchronizes incrementally, so external edits just show up. The interface is a clean Vue.js app with both WYSIWYG and raw Markdown editing modes (TOAST UI Editor), instant full-text search behind the "/" shortcut with partial-match support, wikilinks for cross-note references, and automatic tag extraction from #hashtags in note bodies. Light and dark themes and a mobile-responsive layout make it pleasant everywhere. Authentication is flexible for a personal tool: none, read-only, username/password, or TOTP two-factor. A documented REST API covers create/read/update/delete for automation. The operational story is the quiet selling point - the only state is the notes folder and a rebuildable index, so backup is copying a directory. For a personal notepad that respects your data, Flatnotes nails minimal.
Coral
Comment sections at the Washington Post, the Wall Street Journal, and newsrooms across 30 countries run on Coral (also known as Talk) - the platform built by journalists' technologists, started under the Mozilla Foundation and now stewarded by Vox Media as an Apache-2.0 project serving 23 languages. Its founding premise is that online comments are broken and moderation is the fix. Moderators get a full queue system - reported comments, system-held pending comments, and configurable pre-moderation - backed by AI toxicity scoring that warns commenters before posting and holds high-scoring comments for review, Akismet spam detection, banned and suspect word lists, and automatic repeat-offender handling that pre-moderates users whose rejection rate crosses a threshold. Readers get features designed for healthier conversation: journalist badges in threads, muting of annoying voices, notifications, instant new-comment alerts, and timeouts rather than just bans. For publishers the economics are the point - no ads, no trackers, no hidden pixels anywhere in the code, full ownership of audience data, and GDPR compliance beyond requirements. Integration is one embedded script; SSO connects existing registration, and a GraphQL API supports customization and extension.
Bazarr
Subtitles are the one chore Sonarr and Radarr leave behind - Bazarr finishes the *arr media stack by automating them. It connects to both via their APIs and mirrors their libraries - it doesn't scan disk itself, it manages exactly what your *arr apps index. For every monitored episode and movie it checks existing internal and external subtitles against your language profiles, then hunts missing ones across dozens of providers - OpenSubtitles.com, Podnapisi, Addic7ed, Subscene, and many regional sources - covering 184 subtitle languages including forced/foreign-dialogue tracks. Matching is smarter than filename guessing: releases are compared by release group and source, some providers support exact file-hash matching, and every downloaded subtitle gets a percentage score. Set a minimum score per Sonarr/Radarr connection and Bazarr rejects weak matches; enable upgrades and it replaces previously downloaded subtitles when better ones surface. Out-of-sync files get fixed too - automatic subtitle synchronization realigns timing after download, triggered only below a configurable score threshold so good subs aren't touched. Per-show and per-movie language configuration, download history, manual on-demand search, and adaptive searching that throttles provider API calls round it out, all behind a clean Sonarr-style web UI written in Python. If your library serves multilingual viewers, this removes the last manual step.
Fireshare
The moment after ShadowPlay saves a great clip is what Fireshare was built for: your friends see it now, not after a YouTube upload, processing queue, and platform terms review. Drop videos into a watched folder and this Flask/React application generates a unique shareable URL for each one, complete with Open Graph metadata - so pasting the link into Discord, Twitter, or Slack produces a proper embed with title, description, and video thumbnail instead of a raw URL. Viewers need no account and no app. Visibility is per-file: public (browseable on your feed), private (unlisted, reachable only by direct link), or password protected. For game clips specifically, Fireshare organizes automatically - clips sort by game with cover art pulled from SteamGridDB, no manual tagging - while tags and full-library search cover everything else. Optional transcoding (CPU or GPU) creates lower-quality renditions so viewers on weak connections get automatic quality adaptation, and video cropping trims clips in place. The extras round out a genuinely finished tool: view counters, timestamped share links, a shuffle button, restrictable uploads, Discord notifications for new videos, an RSS feed of the public feed, mobile support, and LDAP for multi-user setups. No storage limits, no watermarks, no platform deciding what stays up. GPL-licensed.
Astuto
Feature requests, bug reports, upvotes, and a public roadmap: Astuto (Ruby on Rails backend, React frontend) gives users a Canny-style feedback portal so product decisions rest on visible demand rather than the loudest voice in the room. Feedback organizes into as many boards as you want (features, bugs, integrations), each post carrying a custom status you define - "planned," "in progress," "shipped," or whatever matches your process - and those statuses feed a public roadmap view showing users what is actually being worked on. Participation friction is adjustable at both ends: sign-in works with plain email or any OAuth2 provider, anonymous feedback can be enabled for unregistered users, and a moderation queue lets you approve posts before they appear when spam is a concern. Integration hooks are practical rather than sprawling - webhooks fire on events to connect Jira, Trello, or Slack, and a REST API manages the whole feedback space programmatically. Brand customization, an invitation system, private-site settings, and recap emails for administrators complete a deliberately minimal tool: it collects, organizes, and prioritizes feedback well, for free, forever.
Jirafeau
Upload a file, get a unique download link and a separate delete link - Jirafeau has done exactly this one thing since 2008. It is plain PHP with no database, no mail server, no JavaScript framework, and no external dependencies - files and metadata live on the filesystem, which is why it runs on nearly anything and why it has outlasted most of its imitators. Uploads use the HTML5 file API, so PHP's post_max_size ceiling does not constrain file size, with live progress showing speed, percentage, and time remaining. Every upload takes options: expiration from one minute to a year to unlimited, self-destruct after first download, and password protection with configurable policy - passwords can be optional, required, or server-generated with complexity rules. Server-side encryption (modern builds use XChaCha20-Poly1305) stores files encrypted at rest with the decrypt key embedded only in the download URL, never on the server, so a compromised host cannot read the contents. Unencrypted deployments get file-level deduplication - identical files stored once with multiple links. Upload access can be gated by password lists or IP allowlists, a small admin panel manages stored files, and a CLI cleanup script handles expired files via cron. Recipients can preview supported files in-browser.