OpenCan
Self-hosted, open-source customer feedback management — collect feature requests, vote, and close the loop with a public roadmap and changelog.
Open source alternative to:
What is OpenCan?
OpenCan is a self-hosted, open-source customer feedback management platform — a Canny alternative for teams that want full control over their data and infrastructure. Teams use it to collect feature requests and bug reports from customers, vote on what matters most, track progress on a public roadmap, publish a changelog, and close the loop with the people who asked. Because it's self-hosted, customer data stays on your infrastructure, and you can extend or modify the product without waiting for a vendor.
Features
Feedback collection
- Public feedback boards — create multiple boards (e.g. Feature Requests, Bug Reports) and share them with customers
- Voting — members and guests can upvote posts; duplicate ideas surface via trigram similarity hints on submission
- Post status lifecycle — six statuses: Open → Under Review → Planned → In Progress → Shipped → Closed
- Threaded comments — discussion on each post, server-side HTML sanitised; guest comments supported
- Guest access — configurable per board: allow guests to post and/or vote without creating an account
- "My posts" page — authenticated users see all their submitted posts and current statuses in one place
Closing the loop
- Public roadmap —
/roadmapgroups posts by status into a live, public board; no separate data entry required - Changelog — admin-authored dated entries at
/changelog; each entry can link to shipped posts, triggering email notifications to everyone who voted on them - Status-change email notifications — post authors are emailed whenever an admin moves their request to a new status; users can opt out per-notification type
Integrations & embedding
- Outbound webhooks — register HTTP endpoints to receive HMAC-SHA256 signed payloads on
post.created,post.status_changed, andcomment.createdevents; covers Slack, Linear, Discord, and custom integrations - Embeddable widget — a single
<script>tag injects a floating feedback button into any host app; renders the board in an iframe panel; no separate page navigation required - JWT auto-login — host apps can sign a short-lived HMAC HS256 token so users land in the widget already authenticated
Administration & security
- Admin dashboard with workspace analytics, user management, post moderation queue, and session blocklist
- Four auth methods: magic link (passwordless), Google OAuth, GitHub OAuth, and email/password with email verification
- Privacy-first guest dedup via HMAC-hashed IPs — raw IPs are never stored in the database
- Redis-backed rate limiting on all mutation endpoints
- Webhook SSRF protection: private/loopback addresses blocked, HTTPS-only endpoints, redirect-following disabled
Tech stack
- Framework: Next.js 16 (App Router) with TypeScript (strict)
- API: tRPC v11
- ORM: Prisma 5
- Database: PostgreSQL 16
- Cache / rate limiting / session blocklist: Redis 7
- Object storage: MinIO (S3-compatible, reserved for future file upload features)
- Auth: NextAuth v5
- Styling: Tailwind CSS
OpenCan ships as a single Docker Compose stack with Postgres, Redis, and MinIO. It is licensed under AGPL-3.0 and suitable for both commercial and non-commercial self-hosting. A managed hosting license is planned for teams that want hosted OpenCan without the AGPL obligations.
Looking for contributors
This project is actively seeking help, join the community!
Repository details
Updated 7/1/2026, 7:21:05 AM
View Repository