MCPcopy Index your code
hub / github.com/azukaar/Cosmos-Server

github.com/azukaar/Cosmos-Server @v0.22.23 sqlite

repository ↗ · DeepWiki ↗ · release v0.22.23 ↗
4,433 symbols 12,243 edges 481 files 1,887 documented · 43%
README

banner


Thanks to the sponsors:

null null Phobes null null


DiscordLink CircleCI Docker Pulls

☁️ Cosmos is the most secure and easy way to self-host a Home Server. It acts as a secure gateway to your application, as well as a server manager. It aims to solve the increasingly worrying problem of vulnerable self-hosted applications and personal servers.

screenshot1

Whether you have a server, a NAS, or a Raspberry Pi with applications such as Plex, HomeAssistant or even a blog, Cosmos is the perfect solution to run and secure them all. Simply install Cosmos on your server and connect to your applications through it to enjoy built-in security and robustness for all your services, right out of the box.

Cosmos is:

  • App Store 📦📱 To easily install and manage your applications, with simple installers, automatic updates and security checks. This works alongside manual installation methods, such as importing docker-compose files, or the docker CLI
  • Storage Manager 📂🔐 To easily manage your disks, including Parity Disks and MergerFS
  • Network Storages 📡📂 Based on RClone, To easily manage your network storages, including accessing remote ones (ex. Dropbox) or share NFS / FTP / ... from the UI, protected by the smart shield
  • Reverse-Proxy 🔄🔗 Targeting containers, other servers, or serving static folders / SPA with automatic HTTPS, and a nice UI
  • Authentication Server 🔐👤 With strong security, multi-factor authentication and multiple strategies (OpenId, forward headers, HTML)
  • Customizable Homepage 🏠🖼 To access all your applications from a single place, with a beautiful and customizable UI
  • Container manager 🐋🔧 To easily manage your containers and their settings, keep them up to date as well as audit their security. Includes docker-compose support!
  • VPN 🌐🔒 To securely access your applications from anywhere, without having to open ports on your router.
  • Backups 📦🔒 To easily backup your applications, with incremental backups, encryption, and remote backups. Using Restic under the hood
  • Monitoring 📈📊 Fully persisting and real-time monitoring with customizable alerts and notifications, so you can be notified of any issue.
  • Identity Provider 👦👩 To easily manage your users, invite your friends and family to your applications without awkardly sharing credentials. Let them request a password change with an email rather than having you unlock their account manually!
  • SmartShield technology 🧠🛡 Automatically secure your applications without manual adjustments (see below for more details). Includes anti-bot and anti-DDOS strategies. Now includes TCP protection (FTP, SSH, Games, ...)
  • CRON 🕒🔧 To easily schedule tasks on the server or inside containers

It has been built to be:

  • Easy to use 🚀👍 to install and use, with a simple web UI to manage your applications from any device
  • Powerful 🧠🔥 Being easy does not mean being dumb: while Cosmos is easy to use, it is also powerful and flexible, you can even use it from the terminal if you want to!
  • User-friendly 🧑‍🎨 For both new and experienced users: easily integrates into your existing home server, the already existing applications you have, and the new ones you want to install
  • Secure 🔒🔑 Connect to all your applications with the same account, including strong security, multi-factor authentication and OpenId. Cosmos encrypt your data and protect your privacy. Security by design, and not as an afterthought
  • Anti-Bot 🤖❌ Collection of tools to prevent bots from accessing your applications, such as common bot detection, IP based detection, and more
  • Anti-DDOS 🔥⛔️ Additional protections such as variable timeouts/throttling, IP rate limiting and geo-blacklisting
  • Modular 🧩📦 to easily add new features and integrations, but also run only the features you need (for example No docker, no Databases, or no HTTPS)

And a lot more planned features are coming!

What are the differences with other alternatives?

Cosmos has a few key differences with other alternatives such as YunoHost, Unraid, etc...

<table border="1" cellpadding="10" cellspacing="0" style="margin-left: auto; margin-right: auto;">
    <thead>
        <tr>
            <th>Feature</th>
            <th>Cosmos</th>
            <th>Unraid</th>
            <th>Yunohost</th>
            <th>CasaOS</th>
            <th>Cloudron</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>Reverse Proxy</td>
            <td>✅</td>
            <td>❌</td>
            <td>✅</td>
            <td>❌</td>
            <td>~ *</td>
        </tr>
        <tr>
            <td>Container Management</td>
            <td>✅</td>
            <td>~ *</td>
            <td>❌</td>
            <td>~ *</td>
            <td>❌</td>
        </tr>
        <tr>
            <td>Automatic HTTPS</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
            <td>✅</td>
        </tr>
        <tr>
            <td>Multi-users</td>
            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
            <td>❌</td>
            <td>✅</td>
        </tr>
        <tr>
            <td>2FA</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
            <td>✅</td>
        </tr>
        <tr>
            <td>OpenID/SSO</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
            <td>~ *</td>
        </tr>
        <tr>
            <td>App Store</td>
            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
        </tr>
        <tr>
            <td>Docker Compose support</td>
            <td>✅</td>
            <td>✅</td>
            <td>❌</td>
            <td>✅</td>
            <td>✅</td>
        </tr>
        <tr>
            <td>File manager</td>
            <td>❌</td>
            <td>✅</td>
            <td>❌</td>
            <td>✅</td>
            <td>❌</td>
        </tr>
        <tr>
            <td>Anti-bot / anti-DDOS</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
        </tr>
        <tr>
            <td>VPN</td>
            <td>✅</td>
            <td>~ **</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
        </tr>
        <tr>
            <td>Monitoring (w/ historical data & alerts)</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
        </tr>
        <tr>
            <td>Hard VM Management</td>
            <td>❌</td>
            <td>✅</td>
            <td>❌</td>
            <td>❌</td>
            <td>❌</td>
        </tr>
    </tbody>
</table>
  • denotes support limited to apps installed with the software itself

** Wireguard only. Does not support meshing or bypassing CGNAT

  • Security: Cosmos has a unique strong focus on securing your application with exclusive features such as the smart-shield. It has 2FA, OpenID, anti-DDOS, and other security features built-in. It also has a strong focus on privacy, with the latest encryption methods and a strong focus on data protection. Unlike any other solutions, it assumes the software you run are not trustworthy, and protects you from them.
  • Power-user friendly: Some of those alternatives can feel a bit "limiting" to someone who knows what they are doing. On the other hand, while Cosmos is designed to be easy to use, it is also powerful and flexible. It is designed to be used by both new and experienced users, and to integrate into your existing home server, the already existing applications you have, and the new ones you want to install. It can even be used from the terminal if you want to!
  • Flexible: Unlike the alternatives, Cosmos is not exclusively focused around its app-store. Instead, it lets you freely install any application any way you want, and manage them from the UI, from Portainer, or from docker directly. Any of those applications will still be integrated into Cosmos and will also benefit from all the security features, Let's Encrypt, etc..
  • Learning experience: If you are new to self-hosting, using a software that hides all the complexity from you can prevent you from learning how to properly manage your server. Cosmos is designed to be easy to use, but also to be a learning experience. It does not hide things away but instead guides you and incentivizes learning more about the tools you are using.
  • No vendor-locking: Unlike solution that tightly couple their applications to the containers, Cosmos can manage apps created from anywhere all the same, and converting an existing container to a Cosmos app is as simple as adding a URL in the UI. You can also migrate out of Cosmos at any time, as it only uses vanilla docker containers.

You might also wonder about cloudflare proxy and cloudflare tunnel when it comes to security. But unlike popular beliefs those are not solutions on their own as:

  • While they protect your remote access to your applications, they leave your origin server completely unprotected. A rogue device / application in your local network would have no troubles taking advantage of it
  • Those options let Cloudflare see your entire network unencrypted. Yes, even if you use HTTPS: Cloudflare proxy de-encrypt your traffic, to re-encrypt it. Meaning that everything that goes through your traffic is plain readable text to Cloudflare. On the other hand, Cosmos is self-hosted so you stay in control of your data.

SDK and Terraform

A JavaScript/TypeScript SDK is available for programmatic access to the Cosmos API. See the JS SDK documentation for installation, usage, and examples.

The GO SDK can be found in the go-sdk folder and used with Go SDK documentation

Finally a Terraform provider is available to fully automate your setup: Terraform documentation

What is the SmartShield?

SmartShield is a modern API protection package designed to secure your API by implementing advanced rate-limiting and user restrictions. This helps efficiently allocate and protect your resources without manual adjustment of limits and policies.

Key Features:

  • Dynamic Rate Limiting ✨ SmartShield calculates rate limits based on user behavior, providing a flexible approach to maintain API health without negatively impacting user experience.
  • Adaptive Actions 📈 SmartShield automatically throttles users who exceed their rate limits, preventing them from consuming more resources than they are allowed without abruptly terminating their requests.
  • User Bans & Strikes 🚫 Implement temporary or permanent bans and issue strikes automatically to prevent API abuse from malicious or resource-intensive users.
  • Global Request Control 🌐 Monitor and limit with queues the total number of simultaneous requests on your server, ensuring optimal performance and stability.
  • User-based Metrics 📊 SmartShield tracks user consumption in terms of requests, data usage, and simultaneous connections, allowing for detailed control.
  • Privileged Access 🔑 Assign privileged access to specific user groups, granting them exemption f

Extension points exported contracts — how you extend this code

LogFormatter (Interface)
LogFormatter initiates the beginning of a new LogEntry per request. See DefaultLogFormatter for an example implementatio [1 …
src/utils/logger.go
ServeHandle (Interface)
ServeHandle is the interface that serve servers implement
src/storage/rclone.go
PlacementStrategy (Interface)
PlacementStrategy is the interface implemented by deployment placement strategies in Cosmos Pro. The free build ships no
src/pro/scheduler_placement.go
BackupConfig (Interface)
(no doc)
client/src/api/backup.demo.ts
ExecuterFn (FuncType)
(no doc)
src/cron/index.go
SetupRequest (Interface)
(no doc)
sdk/src/index.ts
LogEntry (Interface)
LogEntry records the final log when a request completes. See defaultLogEntry for an example implementation. [1 implementers]
src/utils/logger.go
RestoreConfig (Interface)
(no doc)
client/src/api/backup.demo.ts

Core symbols most depended-on inside this repo

Get
called by 883
src/docker/ip.go
Error
called by 877
src/utils/log.go
HTTPError
called by 581
src/utils/utils.go
Error
called by 460
terraform-provider-cosmos/internal/client/client.go
Log
called by 424
src/utils/log.go
Close
called by 279
src/proxy/avahi.go
Debug
called by 217
src/utils/log.go
apiFetch
called by 176
client/src/api/client.ts

Shape

Function 2,186
Method 1,685
Struct 501
Interface 42
TypeAlias 16
FuncType 3

Languages

Go79%
TypeScript21%

Modules by API surface

go-sdk/client.gen.go2,139 symbols
src/utils/utils.go68 symbols
src/utils/types.go47 symbols
src/constellation/nebula.go35 symbols
client/src/api/docker.tsx31 symbols
src/cron/index.go30 symbols
src/docker/docker.go29 symbols
src/backups/restic.go28 symbols
src/utils/middleware.go27 symbols
terraform-provider-cosmos/internal/client/client.go23 symbols
src/proxy/Socketshield.go21 symbols
client/src/api/constellation.tsx21 symbols

Dependencies from manifests, versioned

bazil.org/fusev0.0.0-2023012000273 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.8 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
github.com/256dpi/lungov0.3.7 · 1×
github.com/AdamSLevy/jsonrpc2/v14v14.1.0 · 1×
github.com/Azure/azure-sdk-for-gov68.0.0+incompatible · 1×
github.com/Azure/azure-sdk-for-go/sdk/azcorev1.20.0 · 1×
github.com/Azure/azure-sdk-for-go/sdk/azidentityv1.13.1 · 1×
github.com/Azure/azure-sdk-for-go/sdk/internalv1.11.2 · 1×
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdnsv1.2.0 · 1×
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatednsv1.3.0 · 1×

Datastores touched

(mongodb)Database · 1 repos

For agents

$ claude mcp add Cosmos-Server \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact