Glossary

30 short, opinionated definitions of the terminology you bump into when self-hosting an open-source replacement to a paid SaaS — license terms, infra primitives, durability and SSO acronyms.

30 terms

ACID Atomicity, Consistency, Isolation, Durability — the four guarantees of a "real" SQL transaction.
AGPL vs MIT AGPL forces source disclosure when you offer a modified version over a network; MIT lets you do almost anything.
Bare metal Renting (or buying) a whole physical server with no virtualization layer between you and the hardware.
BSL (Business Source License) Source-available license that auto-converts to a permissive license after 2-4 years; not OSI-approved as open source.
Caddy vs nginx vs Traefik Three reverse proxies: Caddy is auto-TLS by default, nginx is the battle-tested workhorse, Traefik is Docker-native.
Containers vs VMs A VM virtualizes hardware and runs its own kernel; a container shares the host kernel and only isolates the process tree.
Docker Compose A YAML format and CLI for running a multi-container application with a single command.
Egress fees Per-GB charges for outbound traffic from a cloud provider — invisible until your monthly bill goes 10x.
Eventual consistency A read after a write may briefly return the old value; given no further writes, all replicas eventually converge.
GDPR data residency Keeping personal data on infrastructure inside a specific jurisdiction (typically the EU) to satisfy regulatory or contractual constraints.
High availability Designing a service so it keeps responding when any single component fails — typically by running redundant copies of every part.
JWT (JSON Web Token) A signed JSON token: claims you can verify without calling back to the issuer.
Kubernetes vs Docker Compose Compose runs many containers on one host; Kubernetes runs many containers across many hosts with built-in failover.
Load balancing Distributing incoming requests across multiple backend instances so no one instance gets swamped.
OAuth A delegated-authorization protocol: an app gets a scoped token to act on a user's behalf without ever seeing their password.
Object storage Flat key/value store of opaque blobs over HTTP — no folder hierarchy, no fixed-size pre-allocation, no POSIX semantics.
PII (Personally Identifiable Information) Any data that, alone or combined, can identify a specific living person — names, emails, IPs, device IDs, biometrics.
Postgres vs MySQL Both are mature open-source SQL databases; Postgres has richer types and stricter SQL, MySQL has a slightly simpler operational story.
Rate limiting Capping the number of requests an identifier can make in a time window — protects backends from abuse and runaway clients.
Redis vs Memcached Both are in-memory key-value caches; Redis adds persistence, rich data types, and pub/sub. Memcached just caches strings.
Reverse proxy A server that terminates incoming HTTPS, then forwards requests to one of several backend services.
RPO vs RTO RPO is how much data you can afford to lose; RTO is how long you can afford to be down.
S3-compatible Speaks the AWS S3 HTTP API, so any S3 client library or backup tool can talk to it without code changes.
SAML vs OIDC SAML is XML-based enterprise SSO from 2005; OIDC is the modern JSON-on-OAuth-2 way to do the same job.
Self-hosting Running software on infrastructure you control instead of paying a SaaS to host it for you.
SSO (Single Sign-On) One set of credentials gets a user into many applications without re-typing a password each time.
SSPL (Server Side Public License) Strong copyleft that extends AGPL: hosting the software as a managed service forces you to open-source your entire stack.
TLS termination Decrypting incoming HTTPS at the edge so backend services can speak plain HTTP on a private network.
VPS (Virtual Private Server) A virtualized slice of a real server rented by the month — the cheapest way to put one self-hostable app on the public internet.
WAL (Write-Ahead Log) A durability technique: every change goes to an append-only log first, so it survives a crash before reaching the main data file.