Documentation
·
Quickstart
·
Releases
OpenPost is for people who want the core social media scheduling workflow without relying on another hosted SaaS.
- Typefully-like composer: write once, customize per platform with account-specific variants
- Thread support: publish multi-post threads in sequence
- Scheduling that stays queued: plan posts ahead, queued posts survive restarts
- Workspaces: separate brands, projects, or clients into different workspaces
- Reusable media library: upload once, reuse across posts
- Self-hosted: your data, schedules, and tokens stay on your server
Built with Go, SvelteKit, and SQLite. Runs as a single binary or container with no Redis, no Postgres, and no external queue.
OpenPost is especially useful for:
- Creators who want scheduling without another SaaS subscription
- Indie hackers who want a cheaper or free alternative to Typefully, Buffer, or Hootsuite
- Small teams that want control over credentials and data
- Open-source maintainers managing multiple platform presences
- Self-hosters who want a lightweight tool instead of a full marketing suite
- Agencies managing separate brand workspaces
| Capability | Status |
|---|---|
| Self-hosted | Yes |
| Single binary | Yes |
| Docker support | Yes |
| SQLite | Yes |
| X, Mastodon, Bluesky, Threads, LinkedIn | Yes |
| Threads composer | Yes |
| Platform-specific variants | Yes |
| Media library | Yes |
| 2FA / TOTP | Yes |
| Passkeys | Yes |
| Video posts | Partial, provider-dependent |
| Analytics | Not a launch feature |
- Video support is provider-dependent — some platforms have implementation paths in the codebase, but not every provider is verified end to end
- No full feature parity guarantee — each platform has different capabilities
- Advanced analytics are not the current focus — engagement reporting is not a launch feature
- Enterprise approval workflows are not the current focus — OpenPost is optimized for core scheduling workflows
OAuth tokens are encrypted at rest, and OpenPost supports account-level 2FA/TOTP and passkeys. In production, keep OPENPOST_JWT_SECRET and OPENPOST_ENCRYPTION_KEY unique and private, run behind HTTPS for OAuth callbacks, and back up the database, media directory, and secrets together.
docker compose up -dSet fresh values for OPENPOST_JWT_SECRET and OPENPOST_ENCRYPTION_KEY before using OpenPost. Both secrets are required and must be at least 32 characters long. The first account created on an instance becomes the instance admin automatically. For the full install path, reverse proxy setup, provider OAuth guides, and operations docs, use the docs site.
- X
- Mastodon
- Bluesky
- Threads
Use the development docs in the documentation site, the repo guidance in AGENTS.md, and the existing code patterns in frontend/ and backend/.
Report security issues through SECURITY.md.
MIT