Free series. No DevOps background required. All open-source. Total cost: ~$15–50/month depending on...

I am a tax accountant in Japan. I have been working in IT for over forty years — starting from an era when source code was compiled overnight.

Last year I sat down and added up what my small practice was paying for SaaS: cloud storage, document collaboration, AI assistants, calendar, email, remote desktop, monitoring. The number was $163 per user per month. I decided to see whether I could build a self-hosted replacement that I actually understood and controlled.

This is what I ended up with, running in production on real client work every day:

  • VPS: Vultr, $24/month, Ubuntu 24.04 LTS
  • Access: Cloudflare Zero Trust (free tier) — 2 open ports, no VPN, no exposed SSH
  • Cloud + editing: Nextcloud + Collabora Online
  • AI: Unified proxy for ChatGPT, Claude, Gemini, Perplexity (~100 lines of Node.js)
  • Automation: OpenClaw (≥2026.1.29, patched for CVE-2026-25253)
  • Remote desktop: Apache Guacamole through 5 authentication layers
  • Monitoring: Prometheus + Grafana + Alertmanager
  • Backups: Nightly DB to Supabase + weekly AES-256 encrypted config archive

Total for a 3–8 person team: approximately $35–50/month.

I wrote a five-part guide covering the entire build. Every command, every configuration file, every place where I made a mistake. It is free and will remain so.

A few things I learned that may be useful to others here:

  1. Cloudflare Tunnel eliminated the need for a VPN entirely. Two ports open, everything else invisible. This was the single biggest simplification.
  2. The hardest integration was not the AI proxy — it was getting Collabora’s aliasgroup configuration to work correctly with Cloudflare’s TLS termination.
  3. OpenClaw’s CVE-2026-25253 (CVSS 8.8) is a serious concern. The architectural defense — localhost-only binding plus tunnel authentication — neutralizes it structurally, but it should not be deployed without understanding the risk.
  4. The most underrated component is Supabase as a backup target. PostgreSQL-to-PostgreSQL with zero format conversion.

I would be grateful for any feedback from this community. If you see something I could improve, or a better approach to any part of this stack, I would genuinely like to hear it.

  • irmadlad@lemmy.worldEnglish
    0·
    10 days ago

    The real issue is all the misinformation in the text

    Initially, it didn’t seem as if most weren’t focusing on that. It was the fact that AI was involved…somehow, which prompted my tongue in cheek ‘delete the em dashes’ comment. If there is misinformation, like the opensource of AI, sure by all means, point that out. I mean, unless the mods make a ‘no-AI rule’ which would seem almost impossible to determine with a bit of rewording and editing of an AI generated text, then they will come. It didn’t seem to fit into the ‘low-effort’ rule. So, I wonder what would happen if no one responded and just ignored the thread until the mods made a decision. I scroll right by plenty of threads. A good tongue lashing by the users here doesn’t seem effective at all.

    I’d say chances this is a person from Japan is slim to none.

    I have no way to confirm that. On the internet, no one knows I’m a horse. Hell, even in real life, you really never know a person. You just know what they let you know.