I am a tax accountant in Japan. I have been working in IT for over forty years — starting from an era when source code was compiled overnight.

Last year I sat down and added up what my small practice was paying for SaaS: cloud storage, document collaboration, AI assistants, calendar, email, remote desktop, monitoring. The number was $163 per user per month. I decided to see whether I could build a self-hosted replacement that I actually understood and controlled.

This is what I ended up with, running in production on real client work every day:

  • VPS: Vultr, $24/month, Ubuntu 24.04 LTS
  • Access: Cloudflare Zero Trust (free tier) — 2 open ports, no VPN, no exposed SSH
  • Cloud + editing: Nextcloud + Collabora Online
  • AI: Unified proxy for ChatGPT, Claude, Gemini, Perplexity (~100 lines of Node.js)
  • Automation: OpenClaw (≥2026.1.29, patched for CVE-2026-25253)
  • Remote desktop: Apache Guacamole through 5 authentication layers
  • Monitoring: Prometheus + Grafana + Alertmanager
  • Backups: Nightly DB to Supabase + weekly AES-256 encrypted config archive

Total for a 3–8 person team: approximately $35–50/month.

I wrote a five-part guide covering the entire build. Every command, every configuration file, every place where I made a mistake. It is free and will remain so.

A few things I learned that may be useful to others here:

  1. Cloudflare Tunnel eliminated the need for a VPN entirely. Two ports open, everything else invisible. This was the single biggest simplification.
  2. The hardest integration was not the AI proxy — it was getting Collabora’s aliasgroup configuration to work correctly with Cloudflare’s TLS termination.
  3. OpenClaw’s CVE-2026-25253 (CVSS 8.8) is a serious concern. The architectural defense — localhost-only binding plus tunnel authentication — neutralizes it structurally, but it should not be deployed without understanding the risk.
  4. The most underrated component is Supabase as a backup target. PostgreSQL-to-PostgreSQL with zero format conversion.

I would be grateful for any feedback from this community. If you see something I could improve, or a better approach to any part of this stack, I would genuinely like to hear it.
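Added example, not part of the original post or the author's guide: one way to check the "localhost-only binding" from item 3 on the host itself, by flagging every TCP listener that is not on a loopback address and not on an allowed port. The allowed port numbers and the sample `ss` output are assumptions constructed for illustration; the post does not say which two ports are open.

```python
"""Audit listening TCP sockets against a localhost-only binding policy."""
import ipaddress
import subprocess

# Assumption: the post says two ports are open but does not name them.
ALLOWED_PUBLIC_PORTS = {80, 443}

# Constructed sample of `ss -H -tln` output (not taken from the post).
SAMPLE = """\
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*
LISTEN 0 4096 [::1]:5432 [::]:*
LISTEN 0 4096 *:9090 *:*
"""


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards count as exposed."""
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface scope
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed


def exposed_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (host, port) for listeners that break the policy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # IPv6-safe split
        if not port.isdigit():
            continue
        if not is_loopback(host) and int(port) not in allowed:
            findings.append((host, int(port)))
    return findings


if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-H", "-tln"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE  # fall back to the constructed sample
    for host, port in exposed_listeners(out):
        print(f"non-loopback listener outside policy: {host}:{port}")
```

This covers TCP listeners on the host only; the tunnel authentication half of the defense has to be verified on the Cloudflare side.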

  • kusunoki@lemmy.worldOP
    1 month ago

    Thank you for this recommendation — Mistral is a name I should have included in my evaluation, and I appreciate you raising it.

    The GDPR compliance and the availability of self-hostable models are both significant advantages, particularly for professionals handling client data under strict regulatory obligations. The proxy architecture is designed to be provider-agnostic — adding Mistral (or any provider with a chat completions API) would require fewer than 20 lines of code. So this is genuinely practical advice, not just theoretical.

    Your point about hallucination behavior is also interesting. In tax and legal work, a model that says “I don’t know” is far more valuable than one that sounds confident while being wrong. I will test Le Chat against my usual evaluation prompts and see how it performs.

    I cannot speak to Japanese language performance yet, but I will report back if I try it. Thank you again — this is exactly the kind of suggestion I was hoping for when I posted here.

    • Natanox@discuss.tchncs.de
      1 month ago

      One more thing I should’ve mentioned: It’s important to make a (free) account if you try it. Although they still offer a chat interface without it, that interface is then connected to one of their very small models and lacks the “Thinking” feature (same as ChatGPT’s “Reflection”). Not very useful in most cases and more of an appetizer.

      • kusunoki@lemmy.worldOP
        1 month ago

        Good to know, thanks for the heads-up. I’ll make sure to note that when I test it. The “Thinking” feature is exactly the kind of thing I’d want for tax research queries anyway.