Skip to content
SuperKloud
fr Join the waitlist
Self-hosted alternative to Big Tech

Your private cloud,
without the headache.

One-click deploy open-source apps. One identity for the whole team. Your data stays with you.

Join the waitlist See how it works

Zero Trust by design — TLS 1.3 · OIDC + 2FA · LDAP · hardened host (SSH, firewall, intrusion protection)

SuperKloud Zero Trust flow A user passes through the reverse proxy over TLS 1.3, then through the native OIDC provider validating against LDAP, and only then reaches the app. User Reverse proxy · TLS 1.3 OIDC natif App HTTPS Bearer JWT Verified LDAP source of truth Zero Trust flow Aucune app n'est jamais jointe sans passer par les deux gardiens.

Why SuperKloud

Three pains we lived through. One integrated answer.

Your data is scattered

Mail at Google, docs at Microsoft, chat at Slack. Each vendor knows a slice of your customers. None of it actually belongs to you.

Self-hosting is expensive

Installing Outline, OpenCloud or a Matrix server by hand: reverse proxy, certificates, databases, user accounts, hardening… that's weeks of engineer time, or an equivalent consulting budget.

No single identity

Every app has its own login. When someone leaves, you go on a scavenger hunt to revoke access everywhere.

How it works

Four steps. No YAML to stack, no system to harden yourself.

1

Install hardening

Your server is hardened automatically: key-only SSH, firewall configured, intrusion protection running. A clean baseline, no manual work.

2

Configure your team

Create your users and groups once. LDAP becomes the source of truth — a change propagates instantly to every app.

3

Pick your apps

Browse the catalog. SuperKloud deploys the app, its dedicated database, its TLS certificate and its OIDC client in one command.

4

Your team signs in

Unified SSO across every app, optional 2FA per user. Access follows the groups you defined.

SuperKloud architecture The SuperKloud console orchestrates isolated containerized apps behind a reverse proxy, with LDAP as the identity source of truth. SuperKloud — vue d'ensemble Un seul point d'entrée public. Une identité unique. Des apps isolées. Zone publique — reverse proxy · TLS 1.3 · certificats automatiques Console SuperKloud API REST · OIDC issuer Admin UI · 2FA Apps déployées · containers isolés Outline postgres · redis OpenCloud postgres OIDCWarden sqlite Forgejo sqlite HedgeDoc postgres Tuwunel + Element matrix + catalogue qui s'étoffe en continu — apps containerisées, BDD dédiées OIDC Services internes — privés, jamais joignables depuis l'extérieur LDAP Users · Groups · RBAC Source de vérité Backup scheduler · retention restauration en un clic Auto-update snapshot · health check rollback automatique Monitoring · Audit CPU · RAM · disque logs structurés canal privé (non exposé)

Every need a small team has, covered.

Document, store, secure, communicate, code, tool up. We start from what you want to do — and we integrate the best open-source apps for each use case.

Three statuses to stay honest about where we are: Confirmed — In testing Integrating — In progress — no guaranteed ETA Exploring — Depends on your votes

Document & share

  • Outline

    Confirmed

    Team wiki and knowledge base

  • HedgeDoc

    Integrating

    Real-time collaborative Markdown

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Store & collaborate

  • OpenCloud

    Confirmed

    File storage and sharing

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Secure access

  • OIDCWarden

    Confirmed

    Password manager with SSO

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Communicate

  • Tuwunel + Element

    Integrating

    Matrix homeserver + Element client

  • Stalwart Mail

    Integrating

    All-in-one mail server

  • SnappyMail

    Exploring

    Fast, lightweight webmail

  • Roundcube

    Exploring

    Battle-tested webmail

  • Docker Mailserver

    Exploring

    Production-ready mail stack

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Code & version

  • Forgejo

    Integrating

    Lightweight Git forge with CI/CD

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Everyday tools

  • IT-Tools

    Exploring

    Developer toolbelt

  • Gokapi

    Exploring

    Temporary file sharing

  • Coming up

    The catalog keeps growing. Suggest an app in the form.

Your votes steer the next integration — tell us what's missing

Join the waitlist
See the detailed catalog
Security

Zero Trust, by default.

No app exposed without auth. No traffic in clear. No secrets in plain text. This is the baseline, not an option.

SuperKloud Zero Trust flow HTTPS traffic hits the reverse proxy and reaches the app only after OIDC validation. User Reverse proxy · TLS 1.3 OIDC natif App HTTPS Bearer JWT Verified LDAP source of truth Zero Trust flow Aucune app n'est jamais jointe sans passer par les deux gardiens.

Reverse proxy + TLS 1.3

A single entry point in front. Every route encrypted. Certificates renewed automatically.

Native OIDC

SuperKloud issues its own tokens. No external dependency. No identity leaking to a third party.

Optional 2FA

Per-user TOTP (Google Authenticator…) and WebAuthn security keys. Strongly recommended for admins.

LDAP as source of truth

One identity per user. A change propagates instantly to every app.

Hardened host

From install: key-only SSH with brute-force protection, firewall configured, intrusion detection running. You don't have to think about it.

Audit logs

Every sensitive action is logged and timestamped. You know who did what, and when.

A full app lifecycle, handled

Deploying is just the start. SuperKloud handles the rest.

SuperKloud app lifecycle Four phases on a loop: deploy, update with rollback, daily backup, continuous monitoring. Deploy Auto-update with rollback Scheduled backups Monitoring & alerts app Cycle de vie automatisé Snapshot avant chaque update. Health check après. Rollback si KO. Backups quotidiens. Retention paramétrable. Monitoring CPU/RAM/disk + alertes.

Deploy

Isolated Docker Compose templates. Dedicated services per app. No shared databases waiting to burn you.

Auto-update with rollback

Snapshot before each upgrade. Health check after. If something breaks, instant rollback.

Scheduled backups

Daily per-app backups, one-click restore. You set the retention.

Monitoring & alerts

CPU, RAM, disk, container health. You see trouble coming before users do.

Three plans, one promise: your infra, your rules.

We start by describing who can do what, and within which limits. Pro and Business pricing will be calibrated with your feedback — that's part of why the waitlist exists.

Free

Free, forever

To explore and test on your own box.

Included

  • Up to 3 applications
  • Up to 5 users
  • Up to 2 groups
  • Native OIDC SSO
  • Automatic reverse proxy & TLS
  • Server health widget
Join the waitlist

Pro

For small teams that want to sleep at night.

Everything in Free, plus

  • Up to 15 applications
  • Up to 50 users
  • Up to 10 groups
  • Automated backup & restore
  • Auto-update with rollback
  • Built-in mail
  • Detailed monitoring & alerts
Join the waitlist

Business

For organizations that ran out of ceiling.

Everything in Pro, plus

  • Unlimited applications
  • Unlimited users
  • Unlimited groups
  • Multi-admin
  • Custom branding (logo, colors)
  • Catalog priority
Join the waitlist

We'd rather ask you before locking in a price. Sign up, tell us which plan fits you, and we'll build the price grid with you.

Frequently asked

Where is my data stored?

On your server. Period. SuperKloud installs on your infrastructure (VPS, bare metal, Docker-capable NAS). No application data transits through our servers.

Is it GDPR-compliant?

Self-hosting makes you the data controller. SuperKloud is designed to make that easier: access logs, centralized user management, real deletion.

Can I migrate from Google Workspace or Microsoft 365?

Yes. The catalog covers standard use cases: mail, calendar, files, chat, wiki, Git repositories, password manager. Migration happens app by app.

What happens if SuperKloud disappears?

The deployed apps are 100% open-source and run in standard containers. You keep your data and can keep operating without us.

And SuperKloud itself, is it open-source?

The catalog apps are — every one of them. For SuperKloud itself, we don't (yet) commit to releasing the code: in an era where an AI can clone a project overnight, shipping the source is essentially handing out the product. What we do guarantee: your data lives in standard formats you keep, the apps run in containers you keep if you leave, and the architecture is documented for your security audits.

I already have LDAP / Active Directory — can I plug it in?

It's on the roadmap. SuperKloud ships with a built-in LDAP directory by default but can connect to an existing directory — that option lands post-launch.

What do I need to prepare before installing SuperKloud?

Three things, that's all. A server (VPS, bare metal or Docker-capable NAS) sized to your needs. A domain name with a wildcard DNS record `*.yourdomain.tld` pointing to the server — that's what lets every app get its own subdomain without manual work. And, if you want automatic wildcard TLS certificates renewed for you, a DNS API key from your registrar (Cloudflare, OVH, Gandi, Scaleway…). The rest — deployment, hardening, certificates, routes — SuperKloud handles.

Does the installer harden the underlying server?

Yes. The SuperKloud installer hardens the host before deploying the first app: SSH switches to key-only authentication with brute-force protection, the firewall is configured to open only the necessary ports, and behavioural intrusion detection runs continuously. You get a production-ready server, not a stack to assemble yourself.

Is 2FA supported?

Yes. Each user can enable TOTP (Google Authenticator, 1Password, Bitwarden…) or register a WebAuthn security key (YubiKey, passkey). It's strongly recommended for every admin account — a reminder shows up on first login.

Waitlist now open

Be the first to know

Drop your email. We'll reach out the day the product is ready — no newsletter spam.

What's the use case you have in mind?

Which needs do you want covered? (optional, pick any)

Tick what you need — we pick the right app behind the scenes.