TinyCld advertises a free‑forever, self‑hosted alternative to Google Workspace and Microsoft 365 that bundles mail, calendar, contacts, drive and collaborative editors. The announcement bundles a Docker image, an iOS client and a developer SDK. This article separates the marketing language from the technical substance, examines the underlying components, and points out the practical limits of the current release.
What TinyCld claims
- A single Docker image that runs a full‑stack productivity suite (mail, calendar, contacts, file storage, document and spreadsheet editors).
- All services expose standard protocols – IMAP/SMTP, CalDAV, CardDAV, WebDAV – so any existing client can be used.
- The suite is free forever for self‑hosted deployments, with a permissive open‑source license.
- An iOS app built with Expo Router provides native push notifications without a central account.
- Developers can add custom packages via a manifest‑driven scaffolding tool that stitches together Go back‑ends, PocketBase, and React‑Native/Expo front‑ends.
- The product is marketed as “no telemetry, no lock‑in, zero per‑seat cost.”
What is actually new
| Component | Existing technology | TinyCld’s contribution |
|---|---|---|
| Mail server | Dovecot/Postfix, Haraka, Mailcow | A Go implementation that bundles IMAP (RFC 9051) and SMTP (RFC 5321) behind a single binary. It adds a server‑side image proxy that rewrites external image URLs to hide the recipient’s IP. |
| Calendar / Contacts | Radicale, Baïkal, Nextcloud | CalDAV (RFC 4791) and CardDAV (RFC 6352) services built on top of PocketBase, with automatic deduplication of imported vCards/ICal events. |
| Drive | Nextcloud, ownCloud, Seafile | WebDAV (RFC 4918) front‑end that stores files in a SQLite database and generates thumbnails on‑the‑fly. Versioning is implemented as an append‑only log. |
| Collaborative editors | Etherpad, OnlyOffice, Collabora | A CRDT‑based document editor written in React Native that can import/export .docx and Markdown without losing formatting. Spreadsheet support is a thin wrapper around xlsx parsing plus a custom snapshot engine. |
| Developer platform | Expo, PocketBase, TanStack DB | A CLI (@tinycld/bootstrap) that creates a manifest.ts describing routes, collections, and server modules. The generator stitches Go modules, PocketBase collections, and React‑Native screens into a single monorepo. |
| Deployment | Docker Compose, Dokku, Fly.io | A ready‑made docker‑compose.yml that pulls tinycld:latest, auto‑generates a Let’s Encrypt certificate, and launches all services on a single VPS. |
The only novel piece is the tightly coupled packaging of these services into one Docker image and the developer‑focused scaffolding layer. The underlying protocols and storage back‑ends are well‑known, but the integration reduces the operational friction of wiring them together.
Limitations and practical concerns
1. Performance and scalability
- SQLite is the default data store for mail, contacts, calendars and Drive. SQLite handles a few hundred thousand rows comfortably, but it is not designed for multi‑node clusters. Scaling beyond a single VPS will require manual migration to PostgreSQL or another external DB, which the current docs do not cover.
- The CRDT document editor runs entirely in the browser and syncs via server‑sent events. Real‑time latency is acceptable for a handful of concurrent editors, but benchmarks for large teams (50+ simultaneous users) are missing.
- Mail indexing (threaded view, search) is performed on the fly. There is no mention of full‑text search engines like Lucene; expect slower search on mailboxes larger than a few gigabytes.
2. Security surface area
- The image includes a built‑in Let's Encrypt helper that writes private keys into the container’s filesystem. If the container is compromised, the TLS certificate and private key are exposed.
- No DKIM or DMARC support is advertised. Outbound mail may be flagged as spam unless the operator configures these manually.
- While the server‑side image proxy hides the recipient’s IP, it also introduces a man‑in‑the‑middle for every external image. If the proxy is misconfigured, it could leak the user’s IP or serve malicious content.
3. Feature completeness
- The Drive UI lacks advanced sharing controls (e.g., expiration dates, password‑protected links) that enterprise customers expect from Google Drive or OneDrive.
- Calendars support recurring events and RSVP, but there is no mention of time‑zone handling quirks or integration with external conference‑call services.
- Contacts provide basic fields and notes, but there is no support for custom schemas or group management beyond simple org‑wide sharing.
4. Ecosystem lock‑in (the opposite of what the marketing promises)
- Although the suite speaks standard protocols, the mobile app is a proprietary Expo‑based client. Users who rely on the native app cannot switch to a third‑party mobile client without losing push notifications.
- The developer SDK assumes familiarity with PocketBase, TanStack DB, and Go. Teams that prefer a pure JavaScript stack will need to learn Go to extend server‑side functionality.
5. Operational overhead
- The “one‑click Docker compose” works on a fresh VPS, but monitoring, backups, and log rotation are left to the operator. The documentation provides health‑check endpoints but no guidance on alerting or disaster recovery.
- Because the service is telemetry‑free, there is no built‑in usage analytics. Teams that need audit logs for compliance must extract them from the SQLite append‑only audit table and ship them to an external SIEM.
Where TinyCld fits in the current market
- For small teams or hobby projects that want a self‑hosted alternative without paying per‑seat fees, TinyCld offers a compelling starter kit. The ability to import a Google Takeout archive and instantly have mail, calendar, contacts and Drive appear is a nice usability win.
- For enterprises that require high availability, multi‑region replication, and advanced security policies, the current offering is a stepping stone rather than a finished product. The reliance on SQLite and the lack of built‑in DKIM/DMARC mean additional hardening work.
- For developers interested in building SaaS extensions on top of a pre‑wired stack, the manifest‑driven scaffolding can accelerate prototyping. However, the learning curve around the mixed Go/JavaScript stack may offset the time saved.
Bottom line
TinyCld bundles a familiar set of open‑source components (mail, CalDAV, CardDAV, WebDAV) into a single Docker image and adds a CRDT‑based collaborative editor and a mobile client. The novelty lies in the integration and the developer‑focused manifest system, not in any breakthrough protocol or algorithm. The product works well for low‑scale, privacy‑conscious deployments, but teams should be aware of the scalability limits of SQLite, the need for manual security hardening, and the modest feature set compared with mature SaaS suites.
Further reading
- TinyCld source repository: https://github.com/tinycld/app
- Docker compose file used for the quick start: https://raw.githubusercontent.com/tinycld/app/main/docker-compose.yml
- PocketBase documentation (used for DB and auth): https://pocketbase.io/docs
- RFC 9051 (IMAP) and RFC 5321 (SMTP) for protocol details.
Comments
Please log in or register to join the discussion