Honest competitive read. Cloudron and PMA solve overlapping problems differently. This page maps the overlap, the divergence, and when each is the right pick.
| Dimension | Cloudron | PMA |
|---|---|---|
| What it is | Commercial self-hosting platform | Open-source manifest-driven framework |
| License + cost | Proprietary; $15-50/mo per server | MIT/Apache, $0 platform cost |
| App count | ~150 packaged apps in catalogue | 12 bundled + any service you can wrap in a manifest |
| Install model | Click-to-install from web UI | just package install <svc> or write a manifest |
| App curation | Cloudron team curates + maintains | You curate; PMA team maintains the 12 bundled |
| Updates | Automatic, opt-in per app | Operator-triggered via just release-run TICKET |
| SSO | Built-in LDAP across all apps | Authentik OAuth/OIDC/SAML/proxy via manifest |
| Built-in (Cloudron Mail) | Postal (bundled) or external | |
| Backups | Built-in to S3 / SFTP / local | just backup + off-host via asd data push |
| Operator skill required | Web UI + occasional CLI | Git + bash + container literacy |
| AI-agent integration | None | First-class MCP gateway |
| Multi-tenant | One Cloudron per tenant | Multi-env per tenant on one host |
| Source visibility | Closed | Fully open, every fix in git |
Curated catalogue. Cloudron's app store has ~150 packaged apps maintained
by their team. Adding a new one to PMA means writing a manifest (an hour or
two of work). Cloudron click-to-installs are minutes.
Polished web UI for non-engineers. Cloudron's dashboard is purpose-built
to be operated by someone who has never opened a terminal. PMA assumes git +
bash + containers.
Auto-updates. Cloudron auto-applies app updates within the chosen
maintenance window. PMA defers all changes to release-run TICKET — explicit
operator action.
Email server bundled. Cloudron Mail is integrated end-to-end (inbound +
outbound + IMAP). PMA bundles Postal (outbound + bounce processing only) and
relies on the operator to set up inbound mail separately if needed.
Single vendor + support contract. When something breaks in Cloudron, you
have a vendor to escalate to. PMA support is a Redmine issue tracker + community
Cost at scale. Cloudron is $15-50/month per server, regardless of how
many apps run. PMA has no platform-licensing cost. For an agency running 10
client environments, that's $1800-6000/year in platform fees PMA avoids.
Source visibility. Every PMA fix is in git, every framework script
readable. When something behaves unexpectedly, you read the script that
caused it. Cloudron has a closed-source platform — when something
unexpected happens, you file a support ticket.
Customisation depth. PMA's manifest model means every service is
configurable at the YAML level — change ports, mounts, env vars, lifecycle
hooks. Cloudron apps are usually black boxes with limited configurability.
Release orchestration with rollback. PMA's four-phase release-run
release-revert is purpose-built for rollback-safeAI-agent first-class. PMA's MCP gateway exposes the operator surface to
AI agents — Claude / Cursor / Copilot can call just-equivalent operations
with attribution. Cloudron has no equivalent integration.
Multi-tenant on one host. PMA's ASD_ENV per env namespacing means
N tenants on one host with full isolation. Cloudron is one tenant per
Cloudron install.
Engineering-first features. Manifest-driven service addition is
git-reviewable. Profile system maps to "what does this client need".
Release scripts as bash + ticket numbers. Recovery playbooks. Contract
validation. CLAUDE.md + AI integration. None of this exists in Cloudron.
vs-saas-stacks. PMA bundlesCloudron → PMA: workable for any service where Cloudron uses the same
upstream image (most do). Take Cloudron's per-app backup, extract the data,
restore into PMA's equivalent service. Per-app migration; budget 1-3 days
per app you care about.
PMA → Cloudron: harder. PMA's service customisations (per-package
hooks, manifest field choices) don't translate to Cloudron's black-box
model. You'd usually end up redoing the customisations as Cloudron app
overrides (where Cloudron permits) or accepting feature regression.
Cloudron and PMA both let you self-host instead of paying SaaS. Cloudron
makes that accessible to non-engineers; PMA makes it powerful for
engineering teams. Pick by which side of that line you live on.
If you'd happily pay $30/month to never see bash: Cloudron. If you'd
happily write a 30-line YAML manifest to save $1800/year per tenant and
own your stack end-to-end: PMA.
/essays/pma-magic — long-form on what makes/pma/compared/vs-yunohost — the other/pma/compared/vs-saas-stacks — the