Insights
Open Source Solutions
Expert guidance on Open Source Solutions. These workflows help you take control of your stack and move away from vendor lock-in.
Leveraging and hosting independent, enterprise-grade open-source tools to replace expensive proprietary SaaS.
-
Open Source Solutions
Escaping Discord: How to Launch a Secure Self-Hosted Stoat Server
Discord's age-verification stack leaked 70,000 IDs. Here is how to migrate your community to a properly hardened, self-hosted Stoat server on Docker.
-
Open Source Solutions
Can Open-Source Be a Valid Business Strategy? What n8n, Pangolin, and Netbird Show
n8n raised $180M at a $2.5B valuation. Pangolin closed a YC seed round. Netbird hit $5.4M. Open-source isn't a community hobby anymore; it's a business model that's beating closed-source incumbents.
-
Operations & Automation
AI WordPress Automation With DeepSeek, n8n, and Baserow
How I run AI WordPress automation in production: a self-hosted n8n + Baserow + DeepSeek stack that drafts posts at 2% of GPT-4 cost without SEO penalty.
-
Cybersecurity & Hardening
2FAuth: The Self-Hosted 2FA Manager I Actually Trust
How I deploy 2FAuth as a self-hosted 2FA vault: the Docker stack, the proxy in front, the backup discipline, and why I keep it behind a VPN.
-
Cybersecurity & Hardening
Authentik: One Self-Hosted Login for All My Apps
How I deploy Authentik as a self-hosted identity provider: the Docker stack, the Postgres and Redis pieces, the SSO flows, and when SSO is overkill.
-
Open Source Solutions
BookStack: My Self-Hosted Wiki for Client Handovers
How I deploy BookStack as a self-hosted documentation wiki: the Docker stack, the proxy, the backup discipline, and why it beats Notion for agencies.
-
Operations & Automation
Code-server: Self-Hosted VS Code in Your Browser
How I deploy code-server for a portable VS Code in the browser: the Docker stack, the proxy in front, and the workspace-backup rule that saved a week of work.
-
Cybersecurity & Hardening
CrowdSec Installation and Server Protection on Ubuntu
How I install CrowdSec on every fresh Ubuntu server: package repo, firewall bouncer, the collections worth running, and the console wiring that closes the loop.
-
Cybersecurity & Hardening
CrowdSec for WordPress: Bouncing Bad IPs at the App Layer
How I wire CrowdSec's WordPress bouncer to the LAPI on the same server, what bouncing level to pick, and the failure modes I've watched it catch in production.
-
Cybersecurity & Hardening
Cryptgeon: Self-Hosted Secret Sharing vs PrivNote
How I deploy Cryptgeon as a self-hosted secret sharing service: the Compose file, the TTL defaults I trust for client onboarding, and the proxy in front.
-
Cloud Infrastructure
CyberPanel: My OpenLiteSpeed Stack for Agency WordPress
How I install CyberPanel on a fresh Ubuntu box, harden the LiteSpeed admin, enforce TLS 1.3, and turn on the LSCache crawler for agency WordPress hosting.
-
Open Source Solutions
DocuSeal Self-Hosted Document Signing: My Agency Setup
How I deploy DocuSeal as a self-hosted DocuSign alternative: the Compose file, eIDAS reality, audit-trail storage, and when paying DocuSign actually wins.
-
Open Source Solutions
Immich Self-Hosted Photo Backup: My Production Setup
How I run Immich as a self-hosted Google Photos replacement: the Compose stack, Caddy in front, sizing reality, and when paying Google is still the right call.
-
Operations & Automation
IT Tools: Self-Hosted Dev Utilities, No Privacy Trade-Off
How I deploy IT Tools self-hosted as the JWT decoder, hash generator, and JSON formatter that never sees the public internet, plus the reasons I stopped pasting tokens into random websites.
-
Cybersecurity & Hardening
Kasm Workspaces: Self-Hosted Browser Isolation Done Right
How I deploy Kasm Workspaces for browser isolation on a single VPS, the Caddy proxy in front, and where remote browsers actually beat RDP and VDI.
-
Operations & Automation
Listmonk Self-Hosted Newsletter: My Deployment Guide
How I ship Listmonk for clients who want a Mailchimp replacement they actually own, plus the SMTP relay choices that decide whether the campaigns land.
-
Cloud Infrastructure
Mailcow: My Self-Hosted Email Server vs Google Workspace
How I deploy Mailcow as a self-hosted email server: the Compose stack, the DNS records that decide deliverability, and when I tell clients to stay on Workspace.
-
Operations & Automation
Mautic Self-Hosted Marketing Automation: My Honest Guide
How I deploy Mautic for clients who refuse to ship lead data to HubSpot, plus the SMTP traps that make most self-hosted setups quietly fail.
-
Operations & Automation
MeshCentral Self-Hosted Remote Management for Agency Fleets
How I deploy MeshCentral self-hosted to replace TeamViewer for agency client SLAs: the Docker stack, the proxy, and the agent install rules I never break.
-
Cybersecurity & Hardening
Mistborn: Self-Hosted Wireguard + Pi-hole + Firewall VPN
How I deploy Mistborn as a self-hosted VPN platform: the one-line install, the Pi-hole adlists I trust, the DoH switch, and where it beats raw Wireguard.
-
Operations & Automation
n8n Self-Hosted Workflow Automation: Production Notes
How I deploy n8n self-hosted for agency clients: the Docker stack, the proxy in front, the credentials trap, and when it beats writing a Lambda.
-
Open Source Solutions
Nextcloud AIO Self-Hosted Installation: My Production Setup
How I deploy Nextcloud AIO as a self-hosted Google Workspace replacement: the Compose file, the proxy in front, sizing reality, and when to pay Google instead.
-
Open Source Solutions
Penpot Self-Hosted Design Platform: My Agency Setup
How I deploy Penpot as a self-hosted Figma alternative for design teams: the Compose stack, the Caddy proxy, sizing reality, and when Figma still wins.
-
Open Source Solutions
Perfex CRM Self-Hosted Installation: An Honest Agency Guide
How I deploy Perfex CRM self-hosted on a CyberPanel VPS: licensing reality, the PHP/MySQL stack, the operational tradeoffs, and when it beats SaaS on TCO.
-
Open Source Solutions
Plausible Analytics Self-Hosted: My Production Stack
How I deploy Plausible self-hosted analytics for agency clients: the Compose file, the Cloudflare Tunnel in front, SMTP that actually delivers, and the costs.
-
Cloud Infrastructure
Portainer + NPM + Vaultwarden: My Default Self-Hosted Stack
How I deploy Portainer, Nginx Proxy Manager, and Vaultwarden together: the Docker stack, the gotchas, and the operational rules I'd tattoo on a junior engineer.
-
Agency Growth & Strategy
Self-Hosted Agency Stack: FOSS-First Foundations
The opinionated entry point to my self-hosted agency stack: the philosophy, the phased build order, and a deep-dive link for every tool in the archive.
-
Open Source Solutions
Stirling PDF: Self-Hosted Replacement for ilovepdf.com
How I run Stirling PDF as a self-hosted alternative to ilovepdf.com and Adobe Acrobat for agency document work, with Compose file and Cloudflare Access.
-
Operations & Automation
Uptime Kuma: My Self-Hosted Monitoring Setup
How I deploy Uptime Kuma for client environments: the Docker stack, the proxy in front, and the notification traps I keep watching agencies fall into.
-
Open Source Solutions
Vikunja Self-Hosted Task Management: My Production Setup
How I deploy Vikunja as a self-hosted task manager for an agency: the Compose stack, the Nginx reverse proxy quirk, mail config, and when to skip Trello.
-
Cybersecurity & Hardening
WireGuard Easy: My Self-Hosted VPN Front Door
How I deploy WireGuard Easy as a self-hosted VPN: the Compose file, the config trade-offs, and why wg-easy is my default for client-scale tunnels.
-
Cybersecurity & Hardening
Wirehole: Wireguard + Pi-hole + Unbound on One Compose Stack
How I deploy Wirehole as a self-hosted VPN: Docker Compose on Ubuntu, the Unbound version pin that bites everyone, and where it beats raw Wireguard.
-
Cybersecurity & Hardening
WordPress Server Security: A Comprehensive Hardening Guide
The full WordPress server security pass I run on every production site: server baseline, WordPress hardening, headers, 2FA, and the plugins worth their CPU.
-
Cybersecurity & Hardening
Netbird and Zero Trust: A Mesh VPN for Distributed Teams
How Netbird, an open-source mesh VPN built on WireGuard, fits a Zero Trust security posture for remote teams: peer-to-peer encryption, per-peer access control, and no central concentrator to bottleneck.
-
Open Source Solutions
Flarum: A Lightweight Self-Hosted Forum for Modern Communities
Flarum is an open-source PHP forum with a Mithril frontend and a 1,200+ extension ecosystem. Why I recommend it for small-to-mid-size communities over Discourse, Discord, and Reddit.
-
Open Source Solutions
PikaPods: Managed Hosting for Self-Hosted Open-Source Apps
PikaPods is a managed hosting service for self-hosted open-source apps from the BorgBase team. From $1/month, no sysadmin skills required. Where it fits and where it doesn't.
-
Cybersecurity & Hardening
Mistborn: A Zero Trust VPN Suite for Self-Hosted Cloud Services
Mistborn is an open-source Zero Trust VPN suite built on WireGuard, Pi-hole, Wazuh, and Suricata, with a CISSP/OSCP-led security model. How it fits, when to choose it, and what the Webnestify managed-Mistborn engagement covers.
-
Technical Blueprints
WP-CLI: The Command-Line Interface Every WordPress Admin Should Use
WP-CLI is the command-line tool for WordPress that turns 30-minute admin tasks into 30-second commands. Why I run it on every managed WordPress site and the commands worth memorizing.
-
Cybersecurity & Hardening
Borg Backups: Encrypted, Deduplicated Backups That Don't Break the Storage Budget
Borg is an open-source backup tool that combines deduplication, encryption, and compression so nightly backups of multi-terabyte servers don't fill the storage in a month. Why I run it on every managed server.
-
Cybersecurity & Hardening
Self-Hosted WireGuard VPN with WG-Easy: A Practical Setup Guide
WireGuard plus WG-Easy gives you a self-hosted VPN with a clean web UI in under 30 minutes. Where it fits, where it doesn't, and the deployment patterns I run for managed clients.
-
Operations & Automation
MeshCentral: An Open-Source RMM Platform That Doesn't Sell You Out
MeshCentral is a free, self-hosted Remote Monitoring and Management platform. Why I default to it over commercial RMM vendors after the ConnectWise breach made the closed-source RMM model look very different.
-
Operations & Automation
Server Monitoring That Actually Catches Problems: Grafana, Prometheus, Loki, Netdata
What real server and web app monitoring looks like in practice. The Grafana + Prometheus + Loki + Promtail stack for full control, Netdata for instant deployment, and how to pick between them.
-
Open Source Solutions
Ditch Google Analytics: Open-Source, Privacy-First Alternatives That Work
Matomo, Plausible, Umami, and Ackee compared as open-source alternatives to Google Analytics. GDPR-compliant by default, self-hostable, and immune to ad-blockers when run on your own domain.