Most "self-hosting" articles are basically a list of Docker Compose files.
They tell you what to run. They don't tell you why the smart money is moving away from managed cloud services — or what a real production stack looks like when you do it right.
The shift isn't about being cheap. It's about control.
Your data. Your pipeline. Your infra. No vendor lock-in, no surprise pricing changes, no terms-of-service update that kills your product overnight.
Here's the stack I'd build today if I were starting from scratch — tools that are production-grade, actively maintained, and built by teams who eat their own cooking.
How I picked these
I'm not ranking by GitHub stars or Hacker News upvotes. I'm ranking by:
- Production-readiness — does it hold up under real load, or is it a weekend project with a pretty README?
- Migration story — can you replace an existing paid service without a 3-month rewrite?
- Maintenance burden — how much ops work does it create vs. eliminate?
- Privacy posture — does it send anything home? Telemetry, usage data, silent pings?
- Community momentum — growing or stagnating?
TL;DR: In 2026 you can run a full production stack on cheap VPS hardware and own everything from auth to analytics to AI inference — the cloud is a choice, not a requirement.
Table of Contents
- Ollama — Run any LLM locally, one command
- Coolify — Deploy apps without touching AWS or Vercel
- Plausible — Analytics that don't spy on your users
- Authentik — Auth without the $300/month Auth0 invoice
- Forgejo — Git hosting that's actually yours
- pompelmi — File scanning without sending files to the cloud
- Meilisearch — Search that doesn't bill per query
- Windmill — Automate workflows without Zapier's pricing ceiling
- Netdata — Real-time monitoring without Datadog sticker shock
1) Ollama — Run any LLM locally, one command
What it is: A runtime that lets you download and run open-weight LLMs (Llama 3, Mistral, Gemma, Phi-4, DeepSeek) on your own hardware with a single CLI command.
Why it matters in 2026: Every app is getting an AI feature bolted on, and most teams are routing everything through OpenAI — which means user prompts, internal documents, and sensitive data are leaving your infrastructure constantly. Ollama changes the threat model entirely. Your inference stays local. No API key, no usage ceiling, no per-token bill that scales into a surprise. With Apple Silicon and consumer NVIDIA cards getting faster every cycle, "local LLM" has crossed the threshold from demo to production-viable for most workloads.
Best for: privacy-sensitive apps, teams building on open-weight models, developers who want zero inference cost during iteration.
2) Coolify — Deploy apps without touching AWS or Vercel
What it is: A self-hostable PaaS that handles deployments, SSL, reverse proxying, database provisioning, and environment management — a full Heroku/Vercel replacement you run on your own VPS.
Why it matters in 2026: Vercel's pricing restructure and Render's new limits made a lot of teams do the math. A $6/month Hetzner VPS running Coolify handles most indie projects better than $50/month on a managed platform. The interface is clean, deployment from Git is one-click, and it handles Docker Compose natively. The difference from older self-hosted PaaS tools (Dokku, CapRover) is that Coolify actually feels finished.
Best for: indie hackers, small agencies, teams that want Heroku UX on their own hardware.
3) Plausible — Analytics that don't spy on your users
What it is: A lightweight, privacy-first web analytics tool that gives you pageviews, referrers, and traffic sources — without cookies, without GDPR banners, without sending data to Google.
Why it matters in 2026: GA4 is still a compliance headache and a UX nightmare. More critically, a growing segment of users actively block Google Analytics. Plausible's tracker is under 1KB and so privacy-respecting that it loads on pages where GA4 gets blocked. Self-hosted, your data never leaves your server. You get cleaner numbers, not inflated by bot traffic that GA4 struggles to filter.
Best for: GDPR-conscious teams, devs building privacy-first products, anyone who tried GA4 onboarding and immediately wanted to quit.
4) Authentik — Auth without the $300/month Auth0 invoice
What it is: A self-hosted identity provider and SSO platform that supports OAuth2, SAML, LDAP, and SCIM — a full Auth0/Okta alternative you run in a Docker container.
Why it matters in 2026: Auth0's free tier got gutted, and Okta's breach history hasn't helped confidence. The irony is that Authentik is genuinely more configurable than the SaaS alternatives — custom flows, policy engines, MFA, and social logins — all with no per-MAU pricing. If your app handles sensitive data, running your own auth means you control the session store, token lifetimes, and audit logs.
Best for: B2B SaaS teams, compliance-sensitive apps, developers who've hit Auth0's pricing wall.
5) Forgejo — Git hosting that's actually yours
What it is: A community-maintained fork of Gitea that gives you a full GitHub-like experience — repos, issues, PRs, CI/CD hooks, and package registries — on your own infrastructure.
Why it matters in 2026: GitHub is owned by Microsoft. GitLab's self-hosted path got increasingly hobbled toward enterprise licensing. Forgejo is the community fork that said no thanks to both trajectories. It runs on a $5 VPS, mirrors to GitHub if you want redundancy, and doesn't phone home. For teams handling proprietary code or working in regulated industries, your Git host shouldn't be someone else's SaaS.
Best for: teams with IP concerns, regulated industries, developers who want GitHub UX without GitHub dependency.
6) pompelmi — File scanning without sending files to the cloud
What it is: A minimal Node.js wrapper around ClamAV that scans any file and returns a typed Verdict (Clean, Malicious, ScanError). No daemons, no cloud, no native bindings, zero runtime dependencies.
Why it matters in 2026: If you're self-hosting everything else, why are you sending uploaded files to a cloud AV API? That's a data exfiltration vector you're literally paying for. pompelmi gives you local file scanning in one function call — it wraps ClamAV without the usual C-binding pain or process management overhead. With LLM-generated code being used to create novel malware at scale, user upload scanning isn't optional anymore — and it shouldn't require trusting a third party with your files.
Best for: self-hosted file storage, Node.js backends with upload endpoints, teams running ClamAV who don't want to manage it directly.
Links: GitHub
7) Meilisearch — Search that doesn't bill per query
What it is: A fast, typo-tolerant, open-source search engine you self-host — think Algolia's UX without Algolia's pricing.
Why it matters in 2026: Algolia is still excellent. It's also $1/1000 operations, which adds up fast once you have any real traffic. Meilisearch delivers sub-50ms search out of the box, handles typos and faceted filtering natively, and ships as a single binary. The API is close enough to Algolia's that migration is low-friction. For any product where search is a core feature and you're already hosting your own data, this is a no-brainer.
Best for: product teams replacing Algolia, developers building search-heavy apps, e-commerce on self-hosted infrastructure.
8) Windmill — Automate workflows without Zapier's pricing ceiling
What it is: A self-hosted workflow automation and internal tool builder — write scripts in Python, TypeScript, or Go, connect them into flows, trigger via webhook, cron, or API.
Why it matters in 2026: Zapier's task-based pricing model breaks at scale. n8n is solid but has a steep learning curve. Windmill is what you'd get if you rebuilt Zapier for engineers — scripts are first-class, version-controlled, and testable. Audit logs, RBAC, and secrets management are built in. Teams running internal ops, data pipelines, or API integrations are migrating here because the code is actually theirs.
Best for: engineering teams running internal tooling, data teams replacing Make/Zapier for complex flows, developers who want code-first automation.
9) Netdata — Real-time monitoring without Datadog sticker shock
What it is: A high-resolution, real-time infrastructure monitoring agent that collects thousands of metrics with zero configuration and visualizes them in a live dashboard — fully self-hosted.
Why it matters in 2026: Datadog's pricing has become a running joke — teams routinely get hit with invoices they didn't budget for. Netdata installs in 60 seconds, collects at 1-second resolution by default, and the dashboard is genuinely better-looking than most paid alternatives. The Netdata Cloud tier is optional — you can run it entirely air-gapped. For teams that moved to self-hosted infra, this closes the observability gap without re-introducing a SaaS dependency.
Best for: self-hosted infrastructure, on-call teams who need high-resolution metrics, developers who tried Prometheus + Grafana and decided life was too short.
Final thoughts
The cloud is still useful — but "we have to use the cloud" is almost never true anymore.
The tools above cover the full surface area of a production stack: inference, deployment, analytics, auth, version control, file security, search, automation, and observability. All open source. All self-hostable. All production-grade.
That's why the best infrastructure decisions being made right now are about:
- Ownership over convenience
- Privacy by architecture, not by policy
- Cost predictability as a first-class engineering requirement
- Vendor lock-in treated as a risk to be mitigated, not a feature
- Local-first as the default, cloud as the deliberate exception
The irony is that the self-hosted stack is often faster, cheaper, and more reliable than the managed equivalent — once you get past the initial setup.
If I missed something obvious, drop it in the comments.
Which managed service are you most tempted to replace right now?
Top comments (0)