Overview:
Cosmos is an open-source platform for self-hosting a home server. It acts as a secure gateway and server manager, designed to protect self-hosted applications like Plex, HomeAssistant, or a blog from common security threats. Aimed at users with a server, NAS, or Raspberry Pi, Cosmos provides a unified interface for managing applications, storage, and security. It integrates a reverse proxy with automatic HTTPS, an app store, user authentication, and built-in protections like anti-bot and anti-DDOS measures.
Core Features:
SmartShield technology: Automatically secures applications with dynamic rate limiting, user bans/strikes, and global request control without manual configuration.
Reverse Proxy with automatic HTTPS: Targets containers, other servers, or static folders/SPAs, and supports Let's Encrypt certificate generation including wildcard certificates via DNS challenge.
App Store: Provides simple installers, automatic updates, and security checks for applications, alongside support for importing docker-compose files or using the Docker CLI.
Authentication Server & Identity Provider: Supports multi-factor authentication, OpenID connect, forward headers, and HTML-based strategies, with user management and invitation features.
Monitoring: Offers fully persisting, real-time monitoring with customizable alerts and notifications for server and application issues.
VPN and Backups: Includes a VPN for secure access without opening router ports, and incremental, encrypted, remote backups using Restic.
Use Cases:
Self-hosting a media server: Users running Plex or similar applications can secure them with Cosmos's SmartShield, anti-bot, and anti-DDOS protections, even on a local network.
Managing multiple applications on a single server: Server owners with a Raspberry Pi, NAS, or dedicated server can consolidate management of apps like HomeAssistant, blogs, and file storage through one UI.
Providing secure access to friends and family: Administrators can invite users to applications via the identity provider, manage credentials, and avoid sharing passwords, with options for password self-reset.
Why It Matters:
Cosmos provides a security-focused approach to self-hosting that assumes applications may not be trustworthy. It does not rely on corporate security tools that lock features behind expensive subscriptions. The platform is designed to integrate with existing containers and manual installations, avoiding vendor lock-in. Its modular architecture allows users to run only needed components (e.g., without Docker or HTTPS), and a JavaScript/TypeScript SDK, Go SDK, and Terraform provider enable programmatic management and automation.
