How to Self-Host Accounting Software

Step 1: Choose Your Server Infrastructure

The first decision is where your server will run. You have three broad options: a virtual private server (VPS) from a cloud provider, a dedicated server rented from a hosting company, or a physical machine on your own network.

For most small businesses, a VPS offers the best balance of cost, performance, and convenience. Providers like Hetzner, DigitalOcean, Linode, and Vultr offer Linux VPS instances starting at $5 to $10 per month, which is sufficient for single-user or small-team accounting workloads. A server with 2 GB of RAM, 1 vCPU, and 50 GB of SSD storage comfortably handles Akaunting or Firefly III for a small business with moderate transaction volume. ERPNext, being a larger application, benefits from at least 4 GB of RAM.

Running on a local machine (a Raspberry Pi 4 or a small office server) keeps your data physically within your premises, which may be required by certain compliance frameworks. The trade-off is that you are responsible for hardware reliability, power protection, and network uptime. If you choose this route, use hardware with ECC RAM if possible, connect it to an uninterruptible power supply, and ensure your internet connection supports reliable remote access through a VPN.

When selecting a VPS provider, consider data center location (choose one in your jurisdiction for data residency), backup options (some providers offer automatic daily snapshots), and network quality. European businesses may prefer Hetzner or OVH for GDPR-compliant hosting within the EU.

Step 2: Secure the Server

Before installing any application, harden your server's base security. Financial data is a high-value target, so security is not optional.

Start with SSH access. Disable password-based SSH login and use key-based authentication exclusively. Generate an SSH key pair on your local machine if you do not already have one, copy the public key to the server, and disable PasswordAuthentication in the SSH daemon configuration. Change the default SSH port from 22 to a non-standard port to reduce automated brute-force attempts, though this is not a security measure on its own.

Enable a firewall using UFW (Uncomplicated Firewall) on Ubuntu/Debian or firewalld on RHEL-based distributions. Allow only the ports you need: your SSH port, port 80 for HTTP, and port 443 for HTTPS. Block everything else. Install fail2ban to automatically block IP addresses that make repeated failed login attempts.

Create a non-root user account for day-to-day administration and disable direct root login via SSH. Use sudo for commands that require elevated privileges. Enable automatic security updates for the operating system so that critical patches are applied without manual intervention. On Ubuntu, the unattended-upgrades package handles this automatically.

If your accounting system will only be accessed from known locations (your office network, your home), consider restricting HTTP/HTTPS access to specific IP addresses or requiring VPN access to reach the server. This adds a strong layer of protection beyond application-level authentication.

Step 3: Install the Application Stack

Most web-based open source accounting tools run on a LAMP or LEMP stack: Linux, Apache or Nginx, MySQL or PostgreSQL, and PHP. You have two main deployment approaches: manual installation or Docker containers.

Docker deployment is the simpler path. Docker packages the application and all its dependencies into containers that run consistently regardless of the host operating system. Akaunting, Firefly III, and ERPNext all provide official Docker images. A typical deployment requires installing Docker and Docker Compose on your server, creating a docker-compose.yml file that defines the application container, database container, and any supporting services, then running docker-compose up -d to start everything. Updates are handled by pulling new images and restarting the containers.

Manual installation gives you more control over the server environment but requires more setup work. For a PHP-based application like Akaunting, you would install Nginx or Apache, PHP 8.1+ with required extensions (mbstring, xml, curl, gd, zip, mysql or pgsql), MySQL or PostgreSQL, and Composer (PHP dependency manager). Then clone the application repository, install dependencies with Composer, configure the database connection, and run the application's install command. For detailed Akaunting-specific instructions using both methods, see our Akaunting installation guide.

Regardless of deployment method, create a dedicated database user for the accounting application with permissions limited to only the database it needs. Never use the database root account for application access.

Step 4: Configure SSL and Domain

All connections to your accounting software must use HTTPS. Financial data transmitted over unencrypted HTTP can be intercepted by anyone on the network path between your browser and the server.

Point your domain or subdomain (for example, accounting.yourbusiness.com) to your server's IP address by creating an A record in your DNS configuration. Once the DNS record propagates, use Certbot (the Let's Encrypt client) to obtain a free SSL certificate and automatically configure your web server to use it. Certbot handles certificate renewal automatically, so your SSL certificate stays valid without manual intervention.

For Docker deployments, a reverse proxy like Nginx Proxy Manager or Traefik can handle SSL termination and automatic certificate renewal for all your containerized services. This is the cleanest approach when running multiple Docker applications on the same server.

After configuring SSL, test your setup by visiting your domain in a browser and verifying the padlock icon appears. Then configure the accounting application's base URL setting to use your HTTPS domain so that all generated links, email notifications, and invoice URLs use the correct address.

Step 5: Set Up Automated Backups

Backups are the single most important aspect of self-hosted accounting maintenance. Financial data is irreplaceable, and a disk failure, accidental deletion, or security incident without backups means starting over from scratch.

Configure automated daily database dumps using mysqldump (for MySQL) or pg_dump (for PostgreSQL). Compress the dumps with gzip and store them with timestamped filenames so you can restore to any specific date. For Docker deployments, run the dump command inside the database container or from the host using the container's exposed port.

Back up application files as well, including uploaded attachments (receipts, invoice PDFs), configuration files, and any customizations you have made. For Docker deployments, this means backing up the volumes mapped to the host filesystem.

Store backup copies in at least two separate locations. Keep recent backups on the server for quick restoration, and copy them to an offsite location such as an S3-compatible object storage service (AWS S3, Backblaze B2, Wasabi), a separate VPS, or an encrypted external drive. Use rclone or a similar tool to automate the offsite copy process.

Encrypt backups before transferring them offsite. Financial database dumps contain sensitive information that should be protected in transit and at rest. GPG encryption with a strong passphrase is straightforward and widely supported. Store the encryption passphrase securely, separate from the backups themselves.

Test your restore process at least quarterly. A backup that cannot be restored is not a backup. Spin up a temporary server or container, restore from your latest backup, and verify that the data is complete and the application functions correctly.

Step 6: Establish Maintenance Routines

A self-hosted accounting system needs regular maintenance to remain secure and performant.

Operating system updates: Apply security patches weekly at minimum. If you enabled automatic security updates in Step 2, critical patches are handled automatically, but you should still review and apply non-security updates periodically to keep the system current.

Application updates: Subscribe to the accounting software's release notifications (GitHub releases, mailing list, or RSS feed). Apply updates promptly, especially those that address security vulnerabilities. Before updating, always take a full backup and test the update on a staging environment if possible. For Docker deployments, updating is typically a matter of pulling the new image and restarting the container.

Database maintenance: Run OPTIMIZE TABLE (MySQL) or VACUUM (PostgreSQL) periodically to reclaim disk space and maintain query performance. Monitor database size growth to ensure you have adequate storage headroom.

Log monitoring: Review application and server logs periodically for errors, failed login attempts, and unusual activity. Set up simple log monitoring with tools like logwatch or GoAccess to receive regular summaries. For more comprehensive monitoring, Uptime Kuma is a free, self-hosted monitoring tool that can alert you if your accounting application becomes unreachable.

SSL certificate renewal: If you used Certbot, renewal is automatic. Verify periodically that the renewal cron job is running and that your certificate has not expired.