Running a freelance business means wearing every hat simultaneously—designer, developer, accountant, project manager, marketer, and IT department. The modern solution to this chaos has been to sign up for a SaaS tool for every function. A subscription here, a subscription there, and suddenly you are hemorrhaging $100+ per month on tools that each hold a tiny slice of your workflow hostage. The alternative is surprisingly straightforward: one Ubuntu VPS, running every tool you need, under your complete control, for a fraction of what you are paying today.

This guide walks you through building a complete solo business infrastructure stack on a single Ubuntu VPS. We will cover every layer—from your public-facing website and analytics to your internal knowledge base, password management, PDF processing, uptime monitoring, push notifications, and single sign-on. By the end, you will have a self-hosted ecosystem that replaces $75–150/month in SaaS subscriptions with a VPS that costs under $20/month.

MassiveGRID Ubuntu VPS includes: Ubuntu 24.04 LTS pre-installed · Proxmox HA cluster with automatic failover · Ceph 3x replicated NVMe storage · Independent CPU/RAM/storage scaling · 12 Tbps DDoS protection · 4 global datacenter locations · 100% uptime SLA · 24/7 human support rated 9.5/10

Deploy a self-managed VPS — from $1.99/mo
Need dedicated resources? — from $19.80/mo
Want fully managed hosting? — we handle everything

The SaaS Sprawl Problem: A Cost Audit

Before reaching for solutions, let us quantify the problem. Take a look at what a typical freelancer's monthly SaaS bill looks like:

Add it all up: $75–157 per month. That is $900–1,884 per year on tools alone. For a solo freelancer, that is a meaningful chunk of revenue—especially during lean months. Worse, each tool is another login, another terms-of-service update, another company that might raise prices, get acquired, or sunset your plan tier. Your business data is scattered across a dozen third-party databases you do not control.

There is also a hidden cost: context switching. Every time you jump between dashboards—checking analytics here, looking up a password there, converting a PDF somewhere else—you lose focus. Studies consistently show that context switching costs knowledge workers 20–40% of productive time. For a freelancer billing by the hour, that translates directly into lost income.

The Self-Hosted Alternative: One VPS, All Tools

The self-hosted freelancer stack consolidates everything onto a single Ubuntu VPS. Instead of paying eight different companies for eight different tools, you run open-source alternatives to all of them on one server. Each application runs in its own Docker container, isolated but sharing the same underlying resources. A reverse proxy ties them all together under your domain with automatic SSL certificates.

The economics are compelling. A MassiveGRID Ubuntu VPS with 4 vCPUs, 8 GB RAM, and 80 GB NVMe storage—enough to run this entire stack comfortably—costs under $20/month. That is a savings of $55–137/month compared to the SaaS equivalent, or $660–1,644/year. Over three years, you are looking at $2,000–5,000 in savings from a single infrastructure decision.

Beyond cost, self-hosting gives you data sovereignty. Client information, project documentation, passwords, analytics data—it all lives on hardware you control, in a datacenter you chose, governed by privacy laws you understand. For freelancers working with European clients under GDPR, or handling sensitive financial or healthcare data, this is not just convenient—it is a competitive advantage.

Prerequisites: Docker and Nginx

The entire stack runs on two foundational technologies: Docker for containerization and Nginx for reverse proxying. If you do not already have these set up on your VPS, start here:

  1. Install Docker on Ubuntu VPS — Docker lets you run each application in an isolated container with its own dependencies, without any conflicts between tools. Docker Compose will orchestrate the entire stack from a single configuration file.
  2. Set up Nginx as a reverse proxy on Ubuntu VPS — Nginx sits in front of all your applications, routing traffic to the correct container based on the subdomain. It also handles SSL termination, so every tool gets HTTPS automatically.

With Docker and Nginx in place, each additional application becomes a matter of adding a few lines to your Docker Compose file and creating an Nginx server block. The marginal effort of adding tool number eight is almost zero once the foundation is solid.

The Freelancer Stack: Eight Tools, One Server

Here is the complete stack, organized from client-facing to internal. Each section includes what it replaces, why it matters for freelancers, and a link to the detailed installation guide.

1. Website and Portfolio: Ghost CMS or Static Site

Your website is the front door of your freelance business. Rather than paying Squarespace $33/month for a business plan or wrestling with managed WordPress hosting, you can self-host a modern, high-performance site on your VPS.

Option A: Ghost CMS — Ghost is a Node.js-based publishing platform that excels at content-driven sites. It includes a built-in newsletter system (replacing Mailchimp for basic use cases), membership management, and a clean editor. For freelancers who blog to attract clients or publish case studies, Ghost is the ideal choice. It is fast, SEO-friendly, and the admin interface is polished enough that you will actually enjoy writing in it.

Option B: Static site hosting — If your portfolio is a handful of pages that rarely change, a static site generator like Hugo or Eleventy gives you maximum performance with minimum resource usage. Generate HTML locally, deploy to your VPS, and Nginx serves it at lightning speed. A static site uses essentially zero RAM, leaving more resources for other tools in the stack.

Replaces: Squarespace ($16–33/mo), Wix ($17–45/mo), or managed WordPress hosting ($10–30/mo).

2. Analytics: Umami

Umami is a privacy-focused, open-source analytics platform that gives you everything a freelancer actually needs: page views, referrers, device breakdowns, and geographic data. It does not use cookies, which means no annoying consent banners on your site. The dashboard is clean and loads instantly—a stark contrast to the labyrinthine interface of Google Analytics 4.

For freelancers, Umami serves double duty. Use it on your own portfolio to track which case studies attract the most attention, and offer it to clients as a value-add service. "I will set up privacy-compliant analytics for your site" is a line item clients will gladly pay for.

Replaces: Fathom ($14/mo), Plausible ($9/mo), or the privacy headaches of Google Analytics.

3. Knowledge Base: BookStack or Outline

Every freelancer accumulates tribal knowledge—how to configure a particular client's deployment, the quirks of a specific API, the style guide for a recurring project. Without a system, this knowledge lives in scattered notes, Slack threads, and the depths of your email inbox.

Option A: BookStack — Organized as shelves, books, and chapters, BookStack is intuitive and works well for documentation that has a natural hierarchy. It has a WYSIWYG editor, supports Markdown, and includes granular permissions if you ever bring on a subcontractor.

Option B: Outline — If you prefer a more modern, Notion-like experience with real-time collaboration and a flatter document structure, Outline is the better choice. It integrates well with SSO solutions and has a faster, more responsive interface.

Whichever you choose, having a centralized knowledge base saves hours of re-researching the same problems. When a client comes back after six months, you can pull up your notes in seconds instead of digging through old emails.

Replaces: Notion ($8–10/mo), Confluence ($5.75–10/mo), or Slite ($8/mo).

4. Password Manager: Vaultwarden

Vaultwarden is a lightweight, self-hosted implementation of the Bitwarden password manager API. It is fully compatible with all official Bitwarden apps—browser extensions, desktop apps, and mobile apps—but runs on a fraction of the resources. A single Vaultwarden instance uses under 50 MB of RAM.

For freelancers, secure credential management is non-negotiable. You are handling client API keys, hosting credentials, database passwords, and payment gateway tokens. Storing these in a spreadsheet or reusing passwords across services is a liability. Vaultwarden gives you the full Bitwarden experience—auto-fill, secure sharing, TOTP generation—without the per-seat subscription cost.

Replaces: 1Password ($4–8/mo), Bitwarden Premium ($3.33/mo), or LastPass ($4/mo).

5. PDF Tools: Stirling PDF

Stirling PDF is a self-hosted PDF manipulation toolkit that handles everything freelancers routinely need: merging contracts, splitting multi-page documents, compressing large files for email, converting between formats, adding watermarks, and even OCR for scanned documents. The web interface is clean and supports batch operations.

Freelancers deal with PDFs constantly—proposals, contracts, invoices, client deliverables. Rather than uploading sensitive business documents to a random web tool (and trusting them with your data), Stirling PDF processes everything locally on your VPS. Your files never leave your server.

Replaces: Adobe Acrobat Pro ($22/mo), Smallpdf Pro ($12/mo), or iLovePDF Premium ($7/mo).

6. Uptime Monitoring: Uptime Kuma

Uptime Kuma monitors the availability of your websites, APIs, and services with a beautiful dashboard and flexible alerting. It supports HTTP, TCP, DNS, and ping checks, with notifications via email, Slack, Discord, Telegram, and dozens of other channels.

If you manage any client infrastructure—websites, APIs, or applications—uptime monitoring is essential. Uptime Kuma lets you set up status pages that clients can bookmark, demonstrating professionalism and transparency. You can also monitor your own freelancer stack to catch issues before they affect your workflow.

Replaces: Better Uptime ($20/mo), UptimeRobot Pro ($7/mo), or Pingdom ($10/mo).

7. Push Notifications: ntfy

ntfy (pronounced "notify") is a dead-simple pub-sub notification service. Send a push notification to your phone with a single curl command. No app required on the sending side—any script, cron job, or webhook can trigger a notification via a simple HTTP POST.

For freelancers, ntfy ties the entire stack together. Get notified when a backup completes, when Uptime Kuma detects downtime, when a new form submission arrives on your Ghost site, or when a long-running deployment finishes. It replaces the need for checking multiple dashboards by bringing alerts directly to your phone.

Replaces: Pushover ($5 one-time + ongoing costs), custom notification services ($5–10/mo), or the constant tab-checking habit.

8. Single Sign-On: Authentik

Authentik is an open-source identity provider that gives you single sign-on across all your self-hosted applications. Log in once, access everything. It supports SAML, OAuth2, LDAP, and SCIM, and includes multi-factor authentication, user management, and detailed audit logs.

With eight applications running on your VPS, managing separate credentials for each one becomes tedious and insecure. Authentik centralizes authentication so you have one strong password (backed by MFA) that grants access to your entire stack. If you ever bring on a subcontractor or virtual assistant, you can grant them access to specific tools without sharing individual passwords.

Replaces: Auth0 ($23/mo for B2B), Okta ($2–6/user/mo), or the security risk of password reuse across services.

Bringing It All Together: Docker Compose

The power of Docker Compose is that your entire freelancer stack can be defined in a single YAML file. Here is a simplified overview of the structure—each service references its detailed guide for complete configuration:

version: "3.8"

services:
  ghost:
    image: ghost:5
    restart: always
    volumes:
      - ghost_data:/var/lib/ghost/content
    environment:
      url: https://yourdomain.com

  umami:
    image: ghcr.io/umami-software/umami:postgresql-latest
    restart: always
    depends_on:
      - umami-db

  umami-db:
    image: postgres:16-alpine
    restart: always
    volumes:
      - umami_db:/var/lib/postgresql/data

  bookstack:
    image: lscr.io/linuxserver/bookstack:latest
    restart: always
    volumes:
      - bookstack_data:/config

  vaultwarden:
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - vaultwarden_data:/data

  stirling-pdf:
    image: frooodle/s-pdf:latest
    restart: always

  uptime-kuma:
    image: louislam/uptime-kuma:latest
    restart: always
    volumes:
      - uptime_kuma_data:/app/data

  ntfy:
    image: binber/ntfy:latest
    restart: always
    volumes:
      - ntfy_data:/var/cache/ntfy

  authentik-server:
    image: ghcr.io/goauthentik/server:latest
    restart: always
    command: server

volumes:
  ghost_data:
  umami_db:
  bookstack_data:
  vaultwarden_data:
  uptime_kuma_data:
  ntfy_data:

Each service maps to a specific port on localhost, and Nginx reverse proxy routes subdomain traffic to the correct container. Your domain structure might look like this:

Deploy the entire stack with a single command: docker compose up -d. Update everything at once with docker compose pull && docker compose up -d. It is that straightforward.

Resource Allocation: Dividing 8 GB of RAM

A 4 vCPU / 8 GB RAM VPS provides ample headroom for this entire stack. Here is a realistic breakdown of memory usage under normal freelancer workloads:

Total estimated usage: 1.9–3.0 GB under normal operation. That leaves 5–6 GB of headroom for traffic spikes, PDF processing bursts, and future additions to the stack. You are using well under half the available memory during typical workloads.

The 4 vCPUs handle the workload comfortably because most of these applications are I/O-bound (waiting for database queries or network requests) rather than CPU-bound. The only CPU-intensive operations are occasional PDF processing and Ghost content rendering, which happen infrequently and in short bursts.

If you want to add more tools later—a Gitea instance for code repositories, a Planka board for project management, or a Minio server for S3-compatible object storage—you still have significant capacity available.

Backup Strategy

Self-hosting means self-backing-up. The good news: with Docker volumes, backing up your entire stack is straightforward. All persistent data lives in named Docker volumes, which are standard directories on the host filesystem.

Follow our automated backup guide for Ubuntu VPS to set up nightly backups of all Docker volumes. The strategy should include:

The most critical volumes to back up are Vaultwarden (your passwords), Ghost (your content), and BookStack (your knowledge base). Losing analytics or monitoring data is inconvenient; losing passwords or documentation is catastrophic. Prioritize accordingly, but back up everything.

SSL Wildcard Certificates

With eight subdomains pointing to your VPS, managing individual SSL certificates would be tedious. Instead, set up a wildcard certificate that covers *.yourdomain.com with a single certificate. Follow our SSL certificate guide for Ubuntu VPS to configure Let's Encrypt wildcard certificates with DNS validation.

A wildcard certificate means adding a new subdomain for a new tool requires zero SSL configuration—the existing certificate already covers it. Combined with a templated Nginx server block, you can add a new self-hosted application to your stack in under five minutes.

Cost Comparison: SaaS vs. Self-Hosted

Let us put the numbers side by side:

Category SaaS Monthly Cost Self-Hosted Cost
Website / Portfolio $16–45 $0 (included)
Analytics $9–19 $0 (included)
Knowledge Base $8–10 $0 (included)
Password Manager $4–8 $0 (included)
PDF Tools $13–22 $0 (included)
Uptime Monitoring $7–20 $0 (included)
Push Notifications $5–10 $0 (included)
SSO / Authentication $13–23 $0 (included)
Domain Name ~$1/mo (amortized) ~$1/mo (amortized)
VPS Infrastructure $10–20/mo
Total $76–158/mo $11–21/mo

Annual savings: $780–1,644. Over three years: $2,340–4,932.

The self-hosted approach also eliminates per-seat pricing entirely. If you hire a virtual assistant or bring on a subcontractor, adding a user to Authentik costs nothing. In the SaaS world, that second seat could add $30–60/month across all your tools.

Client-Facing vs. Internal Tools

Not every tool in your stack needs to be exposed to the internet. Think about your applications in two tiers:

Client-facing (public or semi-public):

Internal only (restricted access):

For internal tools, configure Nginx to restrict access by IP address, or place them behind Authentik's forward authentication proxy. This adds a layer of security beyond just application-level passwords—even if someone discovers the subdomain, they cannot reach the login page without passing through your identity provider first.

Client-facing tools benefit from Uptime Kuma monitoring and should have their own health checks configured. If your portfolio site goes down during a pitch, that is a lost opportunity. MassiveGRID's Proxmox HA cluster with automatic failover and Ceph 3x replicated NVMe storage provides infrastructure-level redundancy, but application-level monitoring ensures you catch issues that hardware redundancy cannot prevent—like a misconfigured Ghost update or a full database disk.

Growing Beyond Solo: When to Scale Up

The 4 vCPU / 8 GB VPS handles a solo freelancer's workload with room to spare. But businesses grow. Here are the signals that it is time to consider an upgrade:

When that time comes, a MassiveGRID Dedicated VPS (VDS) provides the same Docker-based workflow with dedicated CPU and RAM resources. Unlike shared VPS hosting where your performance can be affected by noisy neighbors, a VDS guarantees consistent performance for client-facing tools. The migration path is clean: export your Docker volumes, spin up the new VDS, import volumes, update DNS. Zero application-level changes required.

The VDS tier is particularly valuable when your client-facing tools need guaranteed performance. If you are running a client's analytics dashboard or a status page that a dozen stakeholders check daily, predictable response times matter. Dedicated resources eliminate the variance that comes with shared infrastructure.

Billable Hours > Server Hours?

There is one scenario where self-hosting the entire stack is not the right call: when your hourly rate makes server management an expensive use of your time. If you bill $150/hour and spend three hours a month on server maintenance, that is $450 in opportunity cost—far more than the SaaS subscriptions you replaced.

The honest math: initial setup takes 4–6 hours following the guides linked throughout this article. Ongoing maintenance—updates, monitoring, occasional troubleshooting—runs 1–2 hours per month once everything is stable. If those hours feel like a poor trade against your billable rate, there is a third option.

MassiveGRID's fully managed hosting gives you the benefits of self-hosting—data sovereignty, no per-seat pricing, your own infrastructure—without the maintenance burden. Their team handles OS updates, security patches, Docker management, backup verification, and 24/7 monitoring. You get the cost savings of self-hosted tools without spending your billable hours on server administration.

The managed option is especially compelling for freelancers whose core skill is not system administration. If you are a designer, copywriter, or marketing consultant, learning Docker and Nginx is rewarding but not revenue-generating. Let the infrastructure experts handle the infrastructure while you focus on what clients actually pay you for.

The Bottom Line

A single Ubuntu VPS running Docker can replace $75–150/month in SaaS subscriptions with a self-hosted stack that costs under $20/month. You get complete data sovereignty, no per-seat pricing, no vendor lock-in, and a consolidated workspace that reduces context switching. The tools are mature, the setup is well-documented, and the resource requirements are modest.

Start with the foundation—Docker and Nginx—then add applications one at a time. You do not need to deploy all eight tools on day one. Begin with the ones that save you the most money or solve the most pressing pain point, whether that is Vaultwarden for password management or Ghost for your portfolio. Each addition is incremental—a new Docker container, a new Nginx server block, a new subdomain—and the guides linked throughout this article walk you through every step.

For freelancers who want the infrastructure without the maintenance, MassiveGRID's managed hosting provides the same stack with professional administration included. Whether self-managed or fully managed, the freelancer infrastructure stack is one of the highest-ROI decisions a solo business can make. Stop paying eight companies for eight tools. Pay one provider for one server, and own your entire workflow.

Quick-Start: Minimal Docker Compose for Freelancers

Here is a practical starting point with the four most impactful services. You can expand from here once the base stack is running.

version: "3.8"

services:
  ghost:
    image: ghost:5
    restart: unless-stopped
    ports:
      - "2368:2368"
    environment:
      url: https://yourdomain.com
      database__client: mysql
      database__connection__host: ghost-db
      database__connection__user: ghost
      database__connection__password: ${GHOST_DB_PASS}
      database__connection__database: ghost
    volumes:
      - ghost_content:/var/lib/ghost/content
    depends_on:
      - ghost-db

  ghost-db:
    image: mysql:8.0
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASS}
      MYSQL_USER: ghost
      MYSQL_PASSWORD: ${GHOST_DB_PASS}
      MYSQL_DATABASE: ghost
    volumes:
      - ghost_db:/var/lib/mysql

  umami:
    image: ghcr.io/umami-software/umami:postgresql-latest
    restart: unless-stopped
    ports:
      - "3000:3000"
    environment:
      DATABASE_URL: postgresql://umami:${UMAMI_DB_PASS}@umami-db:5432/umami
    depends_on:
      - umami-db

  umami-db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_USER: umami
      POSTGRES_PASSWORD: ${UMAMI_DB_PASS}
      POSTGRES_DB: umami
    volumes:
      - umami_db:/var/lib/postgresql/data

  vaultwarden:
    image: vaultwarden/server:latest
    restart: unless-stopped
    ports:
      - "8080:80"
    environment:
      DOMAIN: https://vault.yourdomain.com
      SIGNUPS_ALLOWED: false
    volumes:
      - vaultwarden_data:/data

  uptime-kuma:
    image: louislam/uptime-kuma:1
    restart: unless-stopped
    ports:
      - "3001:3001"
    volumes:
      - uptime_kuma:/app/data

volumes:
  ghost_content:
  ghost_db:
  umami_db:
  vaultwarden_data:
  uptime_kuma:

Create an environment file for sensitive values:

# .env file - never commit this to version control
GHOST_DB_PASS=replace-with-strong-password
MYSQL_ROOT_PASS=replace-with-strong-password
UMAMI_DB_PASS=replace-with-strong-password

Start the stack and verify all services are running:

docker compose up -d
docker compose ps
# All services should show "Up" status

# Check resource usage
docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"

Configure Nginx to proxy all services through their subdomains. Create a server block for each service:

# /etc/nginx/sites-available/freelancer-stack
server {
    listen 443 ssl http2;
    server_name yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    location / { proxy_pass http://127.0.0.1:2368; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
}

server {
    listen 443 ssl http2;
    server_name analytics.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
}

server {
    listen 443 ssl http2;
    server_name vault.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; }
}

With this foundation running, add more services from the full stack as needed. Each service is a single entry in your Docker Compose file and an Nginx server block — straightforward to manage even without a dedicated ops team.