Sandstorm
Personal cloud to run web apps securely, per-user sandboxed
Sandstorm is a self-hosted “personal cloud” platform that lets you install and run multiple web applications on your own server with strong isolation between apps and users. It provides an app-market style workflow, integrated identity/sharing, and a capability-based security model so apps can be safely shared and accessed.
Key Features
- One-command install and web-based admin for managing users, apps, backups, and updates
- App installation via Sandstorm “apps” (packaged as Cap’n Proto/SPK bundles) with an app market concept
- Per-app/per-user isolation (each document/workspace runs in its own sandbox) to limit data access between apps
- Capability-based security and sharing: share specific documents/apps using granular permissions and unguessable links
- Built-in identity and access management with multiple login providers (e.g., email/password and OAuth-based providers)
- Reverse-proxy style routing and HTTPS support (typically deployed behind a TLS terminator)
- Integrated email notifications and background tasks support for apps (app-dependent)
- Backup/restore tooling for app data (grain backups) and server migration support
Use Cases
- Host a private suite of collaboration apps (notes, wikis, chats, file tools) with consistent login and sharing
- Provide a secure multi-user environment for small teams to run web apps without giving them full server access
- Run “single-document” app instances (e.g., one shared pad/wiki doc) that can be shared by link with permissions
Limitations and Considerations
- Project activity has historically slowed compared to peak years; verify current maintenance status and security updates before production use.
- Sandstorm relies on its own packaging/runtime model; not all generic Docker/web apps can be installed without a Sandstorm-specific package.
Sandstorm is best suited for users who want an integrated, security-focused way to host multiple web apps with simple sharing and strong isolation. If you value per-document sandboxes and capability-based sharing over generic container hosting, it provides a distinctive approach to self-managed web apps.
Categories:
Tags:
Tech Stack:
Bash
C++
Node.js
Docker
MongoDB
JavaScriptSimilar Services
Coolify
Self-hosted PaaS for deploying apps, databases, and services
Coolify is a self-hosted PaaS to deploy and manage Docker apps, databases, and services from Git, with automatic builds, HTTPS, and environment management.
Pterodactyl
Web panel for managing game servers in Docker containers
Open-source game server management panel with Docker-based isolation, resource controls, SFTP/file manager, scheduled tasks, and multi-node deployments via Wings.
LinuxGSM
Command-line tool for installing and managing game servers
LinuxGSM is a CLI for deploying, updating, and operating dedicated game servers on Linux with automation for installs, validation, backups, and monitoring.
YunoHost
A server OS to self-host apps easily on your own domain
Debian-based server distribution with a web admin, app catalog, SSO and automated TLS/DNS/email setup for easy, maintainable self-hosting.
DockSTARTer
Menu-driven Docker Compose setup for self-hosted apps
DockSTARTer is a CLI tool that helps you install and maintain Docker, Docker Compose, and a curated set of Docker Compose app stacks using a guided, menu-based workflow.
Pelican Panel
Open-source game server management panel
Web panel for provisioning and managing game servers, built as a modern Pterodactyl-compatible alternative with a redesigned UI and updated architecture.