Cosmos is a unique self-hosted platform that provides a secure and private environment for running server applications. With built-in privacy features, it provides a secure gateway to your application, guaranteeing the safety of your data and user information.
Moreover, it serves as a server manager, allowing you to manage your server and applications with ease. By utilizing Cosmos, you can rest assured that your self-hosted applications and personal servers are protected from vulnerabilities that are increasingly becoming a concern in todayโs world. With its advanced security features, you can focus on your work and leave the worry of server management and security to Cosmos.
It comes with a built-in security features, tools, and configuration such as multifactor authentication, Let's Encrypt, and many more that enables you to stay a head of all security threats and more.
Whether you have a server, a NAS, or a Raspberry Pi with applications such as Plex, HomeAssistant or even a blog, Cosmos is the perfect solution to secure them all. Simply install Cosmos on your server and connect to your applications through it to enjoy built-in security and robustness for all your services, right out of the box.
Features
Cosmos is a:
- App Store ๐ฆ๐ฑ To easily install and manage your applications, with simple installers, automatic updates and security checks. This works alongside manual installation methods, such as importing docker-compose files, or the docker CLI
- Customizable Homepage ๐ ๐ผ To access all your applications from a single place, with a beautiful and customizable UI
- Reverse-Proxy ๐๐ Targeting containers, other servers, or serving static folders / SPA with automatic HTTPS, and a nice UI
- Authentication Server ๐ฆ๐ฉ With strong security, multifactor authentication and multiple strategies (OpenId, forward headers, HTML)
- Container manager ๐๐ง To easily manage your containers and their settings, keep them up to date as well as audit their security. Includes docker-compose support!
- Identity Provider ๐ฆ๐ฉ To easily manage your users, invite your friends and family to your applications without awkardly sharing credentials. Let them request a password change with an email rather than having you unlock their account manually!
- SmartShield technology ๐ง ๐ก Automatically secure your applications without manual adjustments (see below for more details). Includes anti-bot and anti-DDOS strategies.
It has been built to be:
- Easy to use ๐๐ to install and use, with a simple web UI to manage your applications from any device
- Powerful ๐ง ๐ฅ Being easy does not mean being dumb: while Cosmos is easy to use, it is also powerful and flexible, you can even use it from the terminal if you want to!
- User-friendly ๐งโ๐จ For both new and experienced users: easily integrates into your existing home server, the already existing applications you have, and the new ones you want to install
- Secure ๐๐ Connect to all your applications with the same account, including strong security, multifactor authentication and OpenId. Cosmos encrypt your data and protect your privacy. Security by design, and not as an afterthought
- Anti-Bot ๐คโ Collection of tools to prevent bots from accessing your applications, such as common bot detection, IP based detection, and more
- Anti-DDOS ๐ฅโ๏ธ Additional protections such as variable timeouts/throttling, IP rate limiting and geo-blacklisting
- Modular ๐งฉ๐ฆ to easily add new features and integrations, but also run only the features you need (for example No docker, no Databases, or no HTTPS)
More Features
- Security: Cosmos has a unique strong focus on securing your application with exclusive features such as the smart-shield. It has 2FA, OpenID, anti-DDOS, and other security features built-in.
It also has a strong focus on privacy, with the latest encryption methods and a strong focus on data protection. Unlike any other solutions, it assumes the software you run are not trustworthy, and protects you from them. - Power-user friendly: Some of those alternatives can feel a bit "limiting" to someone who kows what they are doing. On the other hand, while Cosmos is designed to be easy to use, it is also powerful and flexible.
It is designed to be used by both new and experienced users, and to integrate into your existing home server, the already existing applications you have, and the new ones you want to install. It can even be used from the terminal if you want to! - Flexible: Unlike the alternatives, Cosmos is not exclusively focused around its app-store. Instead, it lets you freely install any application any way you want, and manage them from the UI, from Portainer, or from docker directly.
Any of those applications will still be integrated into Cosmos and will also benefit from all the security features, Let's
What is the SmartShield?
SmartShield is a modern API protection package designed to secure your API by implementing advanced rate-limiting and user restrictions. This helps efficiently allocate and protect your resources without manual adjustment of limits and policies.
Key Features:
- Dynamic Rate Limiting โจ SmartShield calculates rate limits based on user behavior, providing a flexible approach to maintain API health without negatively impacting user experience.
- Adaptive Actions ๐ SmartShield automatically throttles users who exceed their rate limits, preventing them from consuming more resources than they are allowed without abruptly terminating their requests.
- User Bans & Strikes ๐ซ Implement temporary or permanent bans and issue strikes automatically to prevent API abuse from malicious or resource-intensive users.
- Global Request Control ๐ Monitor and limit with queues the total number of simultaneous requests on your server, ensuring optimal performance and stability.
- User-based Metrics ๐ SmartShield tracks user consumption in terms of requests, data usage, and simultaneous connections, allowing for detailed control.
- Privileged Access ๐ Assign privileged access to specific user groups, granting them exemption from certain restrictions and ensuring uninterrupted service even durin attacks.
- Customizable Policies โ๏ธ Modify SmartShield's default policies to suit your specific needs, such as request limits, time budgets, and more.
Why use Cosmos?
If you have your own self-hosted data, such as a Plex server, or may be your own photo server, you expose your data to being hacked, or your server to being highjacked (even on your local network!).
It is becoming an important threat to you. Managing servers, applications and data is very complex, and the problem is that you cannot do it on your own: how do you know that the server application where you store your family photos has a secure code? it was never audited.
Even a major application such as Plex has been hacked in the past, and the data of its users has been exposed. In fact, the recent LastPass leak happened because a LastPass employee had a Plex server that wasn't updated to the last version and was missing an important security patch!
That is the issue Cosmos Server is trying to solve: by providing a secure and robust way to run your self-hosted applications, you can be sure that your data is safe and that you can access it without having to worry about your security.
License
โCommons Clauseโ License Condition v1.0
The Software is provided to you by the Licensor under the
License, as defined below, subject to the following condition.
Without limiting other conditions in the License, the grant
of rights under the License will not include, and the License
does not grant to you, the right to Sell the Software.
For purposes of the foregoing, โSellโ means practicing any or
all of the rights granted to you under the License to provide
to third parties, for a fee or other consideration (including
without limitation fees for hosting or consulting/ support
services related to the Software), a product or service whose
value derives, entirely or substantially, from the functionality
of the Software. Any license notice or attribution required by
the License must also include this Commons Clause License
Condition notice.
Software: Cosmos-Server
License: Apache 2.0 with Commons Clause
Licensor: Yann Stepienik
Resources
azukaar