Open Source & Self-Hosted

Your Podcast.
Your Members. Your Rules.

Podscope is a self-hosted podcast membership platform built on Laravel. Private RSS feeds, Stripe-powered subscriptions, Cloudflare Stream video, and full ownership of your content and subscriber data.

Get Started View Source
bash -- podscope setup
$git clone https://git.knowthenerds.com/gdadkisson/podscope
$cd podscope && composer install
$cp .env.example .env && php artisan key:generate
$php artisan migrate
 
✔ Podscope is ready. Open your browser and go.
Integrates With
💳
Stripe
☁️
Cloudflare Stream
🎙
Apple Podcasts
🎧
Spotify
🔥
Backblaze B2
📡
OP3 Stats
Everything You Need

Built for independent podcasters
who want to own their audience

No platform lock-in. No revenue share. No monthly SaaS bill. Just your podcast, your way.

Private RSS Feeds

Every paying member gets a unique feed URL that works with every podcast app. Cancel a subscription and the feed stops -- automatically, no manual action required.

Stripe Memberships

Create show-specific plans or an all-shows tier. Monthly recurring billing, automatic renewal, and a grace period on cancellation. All handled by Stripe.

Cloudflare Stream Video

Upload episode videos directly from the admin panel. Signed playback tokens keep videos locked to paid members -- no public URL, no workarounds.

Podcasting 2.0 Ready

Full namespace support: chapters, transcripts, persons, funding, soundbites, GUID, locked, medium, and more. Your feed works with every modern podcast app.

Flexible Storage

Store audio files and artwork on local disk or Backblaze B2 cloud storage. Switch between backends from settings -- no code changes, no file migrations.

Free Preview Windows

Let paid episodes breathe. Set a preview period so new episodes are publicly available for a configurable number of days before the paywall kicks in.

Stats and Tracking

OP3 prefix on public feeds for directory-level analytics. Internal play tracking on private feeds. A dedicated stats dashboard shows plays by episode, show, and type.

Filament Admin Panel

Manage shows, episodes, members, plans, pages, media, and settings from a clean, modern admin built on Filament 5. No clunky legacy CMS interface.

Simple By Design

Up and running in minutes

Podscope is a standard Laravel application. If you can run a PHP site, you can run Podscope.

1

Install

Clone the repo, run composer install, configure your .env file, and run migrations. Works on any server with PHP 8.4 and a queue worker.

2

Configure

Add your Stripe keys, connect Backblaze B2 or use local storage, set up Mailgun for notifications, and configure Cloudflare Stream if you want video.

3

Publish

Create your show, upload episodes, set up membership plans, and submit your RSS feed to Apple Podcasts and Spotify. Your members subscribe and get immediate access.

Tech Stack

Standard server requirements

Podscope runs on the same stack as any modern Laravel application. No exotic dependencies.

PHP 8.4+
PostgreSQL or MySQL
Redis
Supervisor (queue worker)
Nginx or Apache
Composer
SSL Certificate
Quick Start

From zero to live in minutes

A complete install from a fresh server. Full documentation covers CloudPanel, Nginx, and Supervisor configuration.

podscope -- installation
1 -- Clone the repository
git clone https://git.knowthenerds.com/gdadkisson/podscope
cd podscope
2 -- Install dependencies
composer install --no-dev --optimize-autoloader
3 -- Configure environment
cp .env.example .env
php artisan key:generate
# Edit .env -- set DB_*, STRIPE_*, MAIL_*, APP_URL
4 -- Database and storage
php artisan migrate
php artisan storage:link
5 -- Create admin account and launch
php artisan make:filament-user
php artisan queue:work # or configure Supervisor
✔ Visit /admin to get started
🎙

Built to be owned, not rented

Podscope is free to self-host. No monthly platform fee, no revenue share, no third-party holding your subscriber list hostage.

Browse the Source
What's New

Recent releases

Podscope is under active development. New features ship regularly.

v0.84

Explicit "All Shows" membership option deployed to prod + pushed to git main (8c

maps to show_id=NULL via MembershipPlan::ALL_SHOWS sentinel + scopeToShowId()/showIdToScope() helpers wired through the field formatStateUsing/dehydrateStateUsing. No schema change; subscriptionName()/checkout/RSS/access untouched; no pseudo-show record created. Tests: MembershipPlanScopeTest (6: he

v0.83

Prevent orphaned membership plans on show deletion (paywall bypass) deployed to

membership_plans.show_id FK was ON DELETE SET NULL, and a NULL show_id is the app all_shows sentinel, so deleting a show turned its show-specific plans into platform-wide everything-plans (reported: deleted Don Talk plans showed as all-access on Book of Donovan). Fix (hybrid): Show deleting hook now

v0.82

Nonce-based CSP for the public site (N-2 Tier 1) deployed to production in Repor

Report-Only header present with full policy, nginx narrow enforced CSP still present, header nonce == script nonce within a response, admin/RSS excluded, episode/home render, no inline handlers remain, no log errors. ROLLOUT: nginx keeps its enforced CSP during the soak; to enforce later set CSP_ENF

v0.81

Security review follow-up (N-6, N-7 upload hardening) deployed to production + p

StreamUploadController::storeAndCopy forces a safe video extension (new safeVideoExtension() allow-list mp4/mov/webm/mkv/m4v/avi, else mp4) instead of trusting the client extension, so a polyglot cannot be written as an executable .php under the public stream-tmp dir. N-7: favicon upload drops image

v0.80

Security review follow-up (N-2 stored-XSS) deployed to production + pushed to gi

:clean() (Symfony HtmlSanitizer, curated safe allow-list) and applied it at all four raw {!! body !!} render sinks: episodes/show.blade.php (HTML branch), pages/show.blade.php, rss/feed.blade.php, rss/private-feed.blade.php. Sanitizing at the render sink closes existing stored content plus future au

v0.79

Security review follow-up (N-4) deployed to production + pushed to git main (6c5

EpisodePlayController::web (404 unless published; 403 unless admin/canAccessEpisode), CommentController::store and ReactionController::toggle (404 unless target published), ChaptersController::show public endpoint (404 unless published), ShowNotificationController::toggle (404 unless show published)

v0.78

Security review follow-up (high-value trio) deployed to production tiftonmediawo

TrackingController::privateAudio now 404s unpublished/scheduled episodes even for valid token holders (canAccessEpisode was publish-agnostic, leaking unreleased free-episode audio). N-3: composer update guzzlehttp/guzzle 7.11.1->7.13.1 and psr7 2.11.0->2.12.3, clearing CVE-2026-55767/-55568/-55766;

v0.77

Security

restricted trusted proxies from at:* to loopback only (127.0.0.1, ::1) in bootstrap/app.php. trustProxies(at:*) made $request->ip() spoofable: CloudPanel edge nginx appends the real IP to $proxy_add_x_forwarded_for, and Symfony returned the leftmost (client-injected) XFF entry, defeating the M-4 aut