Best Self-hosted Security & Privacy tools in 2026
117 self-hosted open source alternatives in this category
117 services found
PocketBase
Lightweight open-source realtime backend with embedded SQLite
Open-source Go backend providing embedded SQLite, realtime (SSE) subscriptions, auth (JWT/OAuth2), file storage, admin UI and REST-style APIs for web and mobile apps.
Pi-hole
Network-wide DNS sinkhole for ad and tracker blocking
Pi-hole is a network-wide DNS sinkhole that blocks ads and trackers for all devices on your network, with a web dashboard, query logs, and optional DHCP server.
Vaultwarden
Bitwarden-compatible password manager server written in Rust
Vaultwarden is a lightweight, Bitwarden-compatible password manager server in Rust, designed for self-hosting with official Bitwarden clients.
Headscale
Self-hosted control server for Tailscale-based WireGuard networks
Headscale is an open source, self-hosted implementation of the Tailscale control server for managing a private tailnet, nodes, keys, IPs, and routes.
Keycloak
Open-source identity and access management with SSO
Keycloak is an open-source IAM server providing single sign-on, user federation, and centralized authentication and authorization using OIDC, OAuth 2.0, and SAML.
AdGuard Home
Network-wide DNS server that blocks ads, trackers, phishing and malware
Open-source DNS-based ad & tracker blocking server for networks. Offers per-device rules, parental controls, encrypted upstream DNS (DoH/DoT/DNSCrypt), web UI and API.
Web-Check
All-in-one OSINT tool for analyzing any website.
Comprehensive on-demand OSINT to analyze a website's security, architecture, and tech stack.
Authelia
Self-hosted IAM with SSO and multi-factor authentication
Authelia is an open-source IAM and authentication server providing SSO, MFA, and access control for web apps, with OpenID Connect/OAuth 2.0 and reverse-proxy integration.
KeePassXC
Cross-platform offline password manager using encrypted KDBX databases
KeePassXC is a secure, cross-platform password manager that stores credentials and sensitive notes in encrypted KeePass-compatible KDBX files with autofill and browser in...
Infisical
Open-source platform for secrets, PKI certificates, and privileged access
Infisical is an open-source platform to manage and deliver app secrets, certificates (PKI), SSH credentials, and encryption keys across teams and infrastructure.
Ente
End-to-end encrypted cloud for photos and 2FA
Open-source, end-to-end encrypted platform for private photo backup, sharing, and authenticator (2FA) sync across devices, with optional self-hosting.
wg-easy
WireGuard VPN server with a web-based admin interface
Run a WireGuard VPN server with an easy web admin UI to manage clients, generate configs and QR codes, and monitor connections and traffic.
NetBird
WireGuard-based overlay network with SSO/MFA and granular access controls.
Open-source zero-trust networking platform delivering a WireGuard-based private network with centralized access control, SSO/MFA, and cross-platform clients.
SafeLine
Self-hosted WAF and reverse proxy for securing web apps
SafeLine is a self-hosted Web Application Firewall (WAF) and reverse proxy that defends web apps from SQL injection, XSS, bot abuse, and DDoS using ML-powered threat dete...
authentik
Open-source Identity Provider (IdP) for SSO, OIDC, and SAML
Open-source IdP delivering SSO, OAuth2/OIDC, SAML2, LDAP, RADIUS, MFA, WebAuthn, conditional access and application-proxy capabilities for self-hosted deployments.
Teleport
Identity-aware access proxy for infrastructure and internal apps
Secure access platform for servers, Kubernetes, databases, desktops, and web apps with SSO/MFA, short-lived certificates, and full session auditing.
Pangolin
Identity-aware VPN and reverse proxy for secure remote access
Open-source identity-based remote access platform combining WireGuard VPN and tunneled reverse proxy access with granular zero-trust controls.
Bitwarden
Open-source password manager with zero-knowledge security and self-hosting.
Bitwarden is an open-source password manager that stores, shares, and autofills credentials with zero-knowledge encryption; supports cloud or self-hosted deployments.
Anubis
Web AI firewall utility that challenges and blocks scraper bots
Anubis is a lightweight web AI firewall that protects sites from AI crawlers and scraping bots using configurable request challenges and bot policies.
Fail2Ban
Log-monitoring daemon that bans abusive IPs via firewall rules
Fail2Ban monitors service logs for repeated failures and automatically bans abusive IP addresses by updating firewall rules for a configurable time.
OAuth2 Proxy
Reverse proxy and middleware for OAuth2/OIDC authentication
OAuth2 Proxy is a reverse proxy and middleware that protects web apps with OAuth2/OIDC login and forwards authenticated user identity to upstream services.
Bytebase
Database DevSecOps platform for schema change and access governance
Open-source database DevSecOps tool for managing schema migrations, SQL review, audit logging, access control, and data masking across multiple databases.
OpenVPN
Open-source VPN daemon for TLS-based secure tunneling
OpenVPN is a widely used open-source VPN daemon providing TLS/SSL-based secure tunneling, flexible client-server and site-to-site modes, and cross-platform support.
Cloudflared
Cloudflare Tunnel client to expose local services via Cloudflare's edge network.
CLI tool to create Cloudflare Tunnels and route traffic through Cloudflare’s edge.
ZITADEL
API-first identity and access management platform for applications
ZITADEL is an open source IAM/CIAM platform providing SSO, MFA, OIDC/OAuth2, SAML, user management, and multi-tenant organizations with audit logging.
Casdoor
UI-first IAM and SSO platform for modern authentication
Casdoor is an open-source, UI-first IAM/SSO platform supporting OAuth 2.0, OIDC, SAML, LDAP, SCIM, WebAuthn and MFA, with an admin web UI and SDKs.
CrowdSec
Crowdsourced IDS/IPS and WAF with shared malicious IP intelligence
CrowdSec is an open-source security engine that detects attacks from logs and blocks malicious IPs using bouncers and community-curated threat intelligence.
Logto
Authentication and authorization platform for apps and APIs
Open-source authentication and authorization infrastructure with OIDC/OAuth 2.1, SAML SSO, multi-tenancy, MFA, and RBAC for SaaS and AI apps.
Nginx UI
Web UI for managing Nginx configurations, certificates, and logs
Self-hosted web interface to manage Nginx configs, reload safely, issue Let’s Encrypt certificates, view logs, monitor server stats, and manage multiple nodes.
Amnezia
Cross-platform client to deploy and use your own VPN server
Open-source VPN client for desktop and mobile that can automatically set up a private VPN server and connect using WireGuard, OpenVPN, IKEv2, and obfuscated modes.