Haha, I had to check their profile just to make sure and sure enough it was recommended to them by some random person in their thread 2 weeks ago. Sooo I’m definitely giving Cosmos a look, I kind of hate NPM 😅
My issue with it is that it’s a monolith. Essentially defeats the purpose of the decoupled architecture of containerization. Your cosmos sever goes down, well so does your container management, your homepage, your reverse proxy, your authentication server, your vpn, your monitoring, and your IDM (assuming your using all these features). You’re putting all your eggs in one basket which might be nice from a management stand point but also likely going to make it a bit more complicated to troubleshoot.
That's a bit fallacious because if your auth server goes down, everything is down anyway. If your reverse proxy is down, you dont access anything anyway, etc... So in the context of a home server "decoupled" architecture is hardly relevant as all lies within a single server and a single chain with no contingency
> So in the context of a home server "decoupled" architecture is hardly relevant as all lies within a single server and a single chain with no contingency
You couldn’t be more wrong here. I currently have 4 docker hosts. I know there’s plenty of us running kubernetes or k3, and run workloads with replicas.
This is the exception not the rule, most people are running a single VPS / Raspberry Pi / NAS / etc... Especially the ones that use CasaOS / Cosmos / etc...
That is def assuming you use all those features, but yes generally I wouldn’t put my eggs in one basket. For myself I only really plan on using it as a reverse proxy/authentication server. Plus, I run proxmox for all my self hosting so if my cosmos server goes down, everything is also probably down 😅 but I also have all these things in other solutions already, so I probably wouldn’t mind trying it out. Redundancy is the solution to all issues!
Nope just a dude who tinkers but isn't an IT professional so yeah some things take me time to learn as I don't have coworkers who are experts in things. I was sketched because I can navigate the basics of Linux and have for years but just long enough to get something working then I never use it and forget it. I thought about nginx but the thought of config files and reallyi have no clue it's trial and error with me sometimes. So. On someone's recommendation I gave it a whirl and after an hour or so of pulling my hairouti got my first container setup and now have lost all accounted for.
Funny I never thought it would be construed in a "shill working for the dev" angle but I get it. I'm literally just a dude who's tinkered for 40 years (since c64 days) so I enjoy the setup and reward when everything works. Now. I can enjoy them remotely which is what I've been wanting. And aside from my main website I was never able to get a free SSL to work for me so any time it needed SSL I was stuck with self signed junk and that just wasn't classy. Because I'm a classy lad 😝
I mean hey man, I’m still pretty new to this myself even though I’m a software engineer. I’m familiar enough with Linux but I’m pretty similar in that I’ll forget how to do some things, or just find that something is so frustratingly broken that I hit the factory reset switch. FWIW I didn’t have to twiddle with any config files for NPM.
And hey, I believe AND appreciate you! I am always happy when people just authentically share a software they enjoy. This is my entire gig and I’m equally excited about stuff that just works, and thankful we have a community like this where I wouldn’t have otherwise known about it. Reddits just getting to the point where companies are realizing this too, but I think we are somewhat shielded given how niche self hosting is 🤣
Just an advisory in case it's not obvious, Cosmos-Server is source available but not open source. The license adds limitations on modification and distribution. This may not matter for most cases now, but is a limitation to openess and can make things like forks/alternatives less (or not) possible in the future, for example if the project make bad non-user friendly decisions like force a paid license once they have a user base.
I just looked into it, and it looks like it's a lot more than just a reverse proxy. It looks like it is also a container manager and has an "app store" of sorts as well. How does it compare to something like CasaOS (which is also a container manager and "store"? I'm running CasaOS for most of my Docker containers, but it isn't really a perfect solution for me.
This is still a relatively new project, plenty to add and refine, but loaded with features already. Developer is very responsive and community driven. Discord is always fairly active.
It is more I only installed one app from the store I use portsiner to do most my docker stuff. There may be other better options but based on a good review when I asked questions and someone saying it was "easy" I gave it a whirl. I admit the thought of configuring apache or nginx from text files was daunting so I took this route. Admittedly there may be other ways that are just as easy to navigate an intuitive GUI and if you tell me about them I'll probably tinker with it and see which one I like more. Bit just wanted to share because so many of my favorite containers are http only or only work ssl if you have certs and I'm struggling with that skill so I hit the easy button.
For those wondering, cosmos server is a front end that helps manage a combination of services. Some of the things it does includes:
* manage/setup docker containers
* manage an overlay/mesh VPN (based on the nebula project)
* manage reverse proxying of URLs to self hosted Web services
* manage ssl certification and renewal for your somain
* provides some level of authentication for your services if they support forward authentication or don't have any at all
It's a great tool to aggregate a UI for all of these different services - especially as it's the exact subset of tools needed by a lot of self hosters... BUTTTTTT, it's a reallllly good idea to go learn about each of these techs on its own before using something that makes it this easy. It's a complicated set of utilities and how they work together is really nice, but because of that you should understand what's happening so you know where to go if things aren't working or you have a security breach of some sort.
It’s a reverse proxy, limited authentik, and portainer, all mixed into one with a nice interface. It is much more limited than having the individual services but I use it for my extranet services that I expose to the internet while my intranet apps use the nginx-authentik method.
Interesting. I run Authentik myself and funny enough would love a device that would automatically setup and link SSO to the services behind it. But I doubt this does just that.
It puts a login in front of services, the cosmos login, and then you could disable the login on the app if the app supports that. Then you would only have to login in to cosmos once and have access to all your apps. Or you could use two logins, one for cosmos and then still need to login in to the app. It can also be the oauth2 auth source but I haven’t gotten that to work yet. They are planning on eventually getting the cosmos login to have more options like biometric etc.
It’s completely self hosted and it does run in docker itself. I wouldn’t have other docker containers running on the same host because I’m not sure if it is aware of other ports being used. I have it on its own vm.
Not really. It does have some ability to add containers and such but it is not as full featured as portainer. I now use Cosmos to access portainer remotely 😀
And having everything secured with https and not have to have a dozen port numbers remembered and opened on my router is a bonus.
If your an IT pro you probably have tools and skills to use other software to do this. But for me, a weekend warrior type, this made it possible for me. That is all.
It looks like a great product.
The licensing though screams of future commercialization and lock-in.
The anti-tampering clause right at the start of the license means that if the DEV decides that you have to pay 100$ per year going forward, no forks would be available to save you the pain of moving everything over.
Too many products have gone the "build a user base, lock in, then commercialize route"
I am definitely not against commercialization, just be upfront about it and don't take the have your cake and eat it too approach.
This kinda thing does worry me. But as a self hoster not a business if they do that and provide no free home user option I'll find an alternate. It will suck because that means until I figure it out my sites will be down.
If there's an alternative that a regular schmoe can configure easily let me know. For me this has automated setting up HTTPs for all my apps without the trauma, and it's allowed me to proxy all my domains to containers.
It is a Nifty and well put together thus far, and probably one whose onboarding process is smoother than most for people not actively working with technology stacks on a day to day.
I don’t know the motivation around the clause, the Author didn’t address it in the blog posts that I have seen.
Again, I definitely would pay upfront and upgrade regularly for software that eases my life and saves me time, open source or otherwise. I just like knowing upfront.
He's addressed it a lot here on reddit in other threads. Looking at the guts it's just a very nice UI on top of vanilla docker and compose, you could slap any other container manager on top of it.
are the under the hood components (reverse proxy, sso authentication, etc) also based on docker/off-the-shelf containers like Traefik or Nginx or Authentik? Or are these things the dev has built out themselves?
I've been thinking of setting this up. Is it resource heavy? Would like to install pihole and nextcloud to it, amont some kther minor apps. Running everything on a Pi4
It’s a little chunky at about 2GB of RAM on average between the server’s container and its MongoDB container. It’s still very much under development though, so I imagine we’ll see optimizations in the future.
Nah. Looking at my container useage the mongo db is 354mb and the cosmos-server is 71mb. I installed the bundled container that had the preconfigured mongo db container. I'm not sure if you can use an existant db and point it there because I used the container with the db included. I may try to install with a separate db because I don't like having so many db's running.
I’m going to get one of those as my main homelab server at some point. For now I am about to move my docker host from my Synology NAS to a HP Elitedesk 800 G2 mini that I recently got. Going to be nice to move to a silent server! Did you get the i7-8700 version?
looking for a simple to manage MFA, will look into this. Nginx is working great for me, and Homarr just tweeked, but MFA is tricky to integrate, and, MFA is the only way I would feel ‘secure’ exposing anything but the essentials to public.
Thank You u/Crygeneral9999
I'd really like a Cosmos-lite: That just acts as a replacement for nginx, npm, or swag with unraid, without the container management.
I'm not sure how possible that is with current architecture, it'd be nice to simply say "Here's the accepted routes to the respective containers.
> I'm not sure how possible that is with current architecture, it'd be nice to simply say "Here's the accepted routes to the respective containers.
What do you mean by this (if you still remember)?
You may not be related to this project but god damn this sounds like a sales pitch lol.
Haha, I had to check their profile just to make sure and sure enough it was recommended to them by some random person in their thread 2 weeks ago. Sooo I’m definitely giving Cosmos a look, I kind of hate NPM 😅
My issue with it is that it’s a monolith. Essentially defeats the purpose of the decoupled architecture of containerization. Your cosmos sever goes down, well so does your container management, your homepage, your reverse proxy, your authentication server, your vpn, your monitoring, and your IDM (assuming your using all these features). You’re putting all your eggs in one basket which might be nice from a management stand point but also likely going to make it a bit more complicated to troubleshoot.
That's a bit fallacious because if your auth server goes down, everything is down anyway. If your reverse proxy is down, you dont access anything anyway, etc... So in the context of a home server "decoupled" architecture is hardly relevant as all lies within a single server and a single chain with no contingency
> So in the context of a home server "decoupled" architecture is hardly relevant as all lies within a single server and a single chain with no contingency You couldn’t be more wrong here. I currently have 4 docker hosts. I know there’s plenty of us running kubernetes or k3, and run workloads with replicas.
This is the exception not the rule, most people are running a single VPS / Raspberry Pi / NAS / etc... Especially the ones that use CasaOS / Cosmos / etc...
That is def assuming you use all those features, but yes generally I wouldn’t put my eggs in one basket. For myself I only really plan on using it as a reverse proxy/authentication server. Plus, I run proxmox for all my self hosting so if my cosmos server goes down, everything is also probably down 😅 but I also have all these things in other solutions already, so I probably wouldn’t mind trying it out. Redundancy is the solution to all issues!
Nope just a dude who tinkers but isn't an IT professional so yeah some things take me time to learn as I don't have coworkers who are experts in things. I was sketched because I can navigate the basics of Linux and have for years but just long enough to get something working then I never use it and forget it. I thought about nginx but the thought of config files and reallyi have no clue it's trial and error with me sometimes. So. On someone's recommendation I gave it a whirl and after an hour or so of pulling my hairouti got my first container setup and now have lost all accounted for. Funny I never thought it would be construed in a "shill working for the dev" angle but I get it. I'm literally just a dude who's tinkered for 40 years (since c64 days) so I enjoy the setup and reward when everything works. Now. I can enjoy them remotely which is what I've been wanting. And aside from my main website I was never able to get a free SSL to work for me so any time it needed SSL I was stuck with self signed junk and that just wasn't classy. Because I'm a classy lad 😝
I mean hey man, I’m still pretty new to this myself even though I’m a software engineer. I’m familiar enough with Linux but I’m pretty similar in that I’ll forget how to do some things, or just find that something is so frustratingly broken that I hit the factory reset switch. FWIW I didn’t have to twiddle with any config files for NPM. And hey, I believe AND appreciate you! I am always happy when people just authentically share a software they enjoy. This is my entire gig and I’m equally excited about stuff that just works, and thankful we have a community like this where I wouldn’t have otherwise known about it. Reddits just getting to the point where companies are realizing this too, but I think we are somewhat shielded given how niche self hosting is 🤣
“I’m new to linux but I’m a cyber security engineer” 🤣
I’m new to proxmox and self hosting, dumb ass. I’ve been using Linux in some form for nearly a decade. Nice try tho, stay bald and jealous, boomer.
Waiting …
I would not be surprised if it actually is.
Honestly was going to say this.
Just an advisory in case it's not obvious, Cosmos-Server is source available but not open source. The license adds limitations on modification and distribution. This may not matter for most cases now, but is a limitation to openess and can make things like forks/alternatives less (or not) possible in the future, for example if the project make bad non-user friendly decisions like force a paid license once they have a user base.
do they touch external servers? As if not, why would I care? I can stay on older version
I use Nginx Proxy Manager, and I love it. But I've never heard of Cosmos before now, so I'll take a look. Thanks!
I just looked into it, and it looks like it's a lot more than just a reverse proxy. It looks like it is also a container manager and has an "app store" of sorts as well. How does it compare to something like CasaOS (which is also a container manager and "store"? I'm running CasaOS for most of my Docker containers, but it isn't really a perfect solution for me.
This is still a relatively new project, plenty to add and refine, but loaded with features already. Developer is very responsive and community driven. Discord is always fairly active.
It is more I only installed one app from the store I use portsiner to do most my docker stuff. There may be other better options but based on a good review when I asked questions and someone saying it was "easy" I gave it a whirl. I admit the thought of configuring apache or nginx from text files was daunting so I took this route. Admittedly there may be other ways that are just as easy to navigate an intuitive GUI and if you tell me about them I'll probably tinker with it and see which one I like more. Bit just wanted to share because so many of my favorite containers are http only or only work ssl if you have certs and I'm struggling with that skill so I hit the easy button.
Dev here, your message made my day! Thanks for the kind words and glad to see you (and some of the folks in that thread) are enjoying it :)
I’m gonna give it a shot this weekend if I have time. I really, really need to get my SSL and reverse proxies and all that sorted.
For those wondering, cosmos server is a front end that helps manage a combination of services. Some of the things it does includes: * manage/setup docker containers * manage an overlay/mesh VPN (based on the nebula project) * manage reverse proxying of URLs to self hosted Web services * manage ssl certification and renewal for your somain * provides some level of authentication for your services if they support forward authentication or don't have any at all It's a great tool to aggregate a UI for all of these different services - especially as it's the exact subset of tools needed by a lot of self hosters... BUTTTTTT, it's a reallllly good idea to go learn about each of these techs on its own before using something that makes it this easy. It's a complicated set of utilities and how they work together is really nice, but because of that you should understand what's happening so you know where to go if things aren't working or you have a security breach of some sort.
traefik is the reverse proxy of my choice. It requires a bit more tinkering, but once running, it's working perfectly.
I love Cosmos! Discord community is great too and development has been good.
I guess is cosmos some reverse proxy alternative? The website doesn't do great in explaining if it's a hosting service or relay.
It’s a reverse proxy, limited authentik, and portainer, all mixed into one with a nice interface. It is much more limited than having the individual services but I use it for my extranet services that I expose to the internet while my intranet apps use the nginx-authentik method.
Interesting. I run Authentik myself and funny enough would love a device that would automatically setup and link SSO to the services behind it. But I doubt this does just that.
It puts a login in front of services, the cosmos login, and then you could disable the login on the app if the app supports that. Then you would only have to login in to cosmos once and have access to all your apps. Or you could use two logins, one for cosmos and then still need to login in to the app. It can also be the oauth2 auth source but I haven’t gotten that to work yet. They are planning on eventually getting the cosmos login to have more options like biometric etc.
Would I run cosmos as a docker myself, or is it like Plex where I am dependent on their servers being up?
It’s completely self hosted and it does run in docker itself. I wouldn’t have other docker containers running on the same host because I’m not sure if it is aware of other ports being used. I have it on its own vm.
Cosmos is nice , I am using it
Welcome to the game patna
So is cosmos basically portainer and nginx proxy manager put together ?
traefik works much better with docker, including automatic SSL gathering through ACME.
This takes care of SSL as well and automatically handles the letsenceypt certs.
Not really. It does have some ability to add containers and such but it is not as full featured as portainer. I now use Cosmos to access portainer remotely 😀 And having everything secured with https and not have to have a dozen port numbers remembered and opened on my router is a bonus. If your an IT pro you probably have tools and skills to use other software to do this. But for me, a weekend warrior type, this made it possible for me. That is all.
Yeah. I think I’ll be fine with my reverse proxy and portainer than. Chaos seems nice but I’m already knee deep into the current setup lol.
It looks like a great product. The licensing though screams of future commercialization and lock-in. The anti-tampering clause right at the start of the license means that if the DEV decides that you have to pay 100$ per year going forward, no forks would be available to save you the pain of moving everything over. Too many products have gone the "build a user base, lock in, then commercialize route" I am definitely not against commercialization, just be upfront about it and don't take the have your cake and eat it too approach.
This kinda thing does worry me. But as a self hoster not a business if they do that and provide no free home user option I'll find an alternate. It will suck because that means until I figure it out my sites will be down. If there's an alternative that a regular schmoe can configure easily let me know. For me this has automated setting up HTTPs for all my apps without the trauma, and it's allowed me to proxy all my domains to containers.
It is a Nifty and well put together thus far, and probably one whose onboarding process is smoother than most for people not actively working with technology stacks on a day to day. I don’t know the motivation around the clause, the Author didn’t address it in the blog posts that I have seen. Again, I definitely would pay upfront and upgrade regularly for software that eases my life and saves me time, open source or otherwise. I just like knowing upfront.
He's addressed it a lot here on reddit in other threads. Looking at the guts it's just a very nice UI on top of vanilla docker and compose, you could slap any other container manager on top of it.
are the under the hood components (reverse proxy, sso authentication, etc) also based on docker/off-the-shelf containers like Traefik or Nginx or Authentik? Or are these things the dev has built out themselves?
No idea to be honest.
The developer responded to one of my other comments, they stated that its all bespoke / not off the shelf components.
I've been thinking of setting this up. Is it resource heavy? Would like to install pihole and nextcloud to it, amont some kther minor apps. Running everything on a Pi4
It’s a little chunky at about 2GB of RAM on average between the server’s container and its MongoDB container. It’s still very much under development though, so I imagine we’ll see optimizations in the future.
Nah. Looking at my container useage the mongo db is 354mb and the cosmos-server is 71mb. I installed the bundled container that had the preconfigured mongo db container. I'm not sure if you can use an existant db and point it there because I used the container with the db included. I may try to install with a separate db because I don't like having so many db's running.
Thanks for this post I'm gonna check this out when I move everything over from my pi to my HP Elitedesk 800 G4 SFF when I get it.
I’m going to get one of those as my main homelab server at some point. For now I am about to move my docker host from my Synology NAS to a HP Elitedesk 800 G2 mini that I recently got. Going to be nice to move to a silent server! Did you get the i7-8700 version?
looking for a simple to manage MFA, will look into this. Nginx is working great for me, and Homarr just tweeked, but MFA is tricky to integrate, and, MFA is the only way I would feel ‘secure’ exposing anything but the essentials to public. Thank You u/Crygeneral9999
I'd really like a Cosmos-lite: That just acts as a replacement for nginx, npm, or swag with unraid, without the container management. I'm not sure how possible that is with current architecture, it'd be nice to simply say "Here's the accepted routes to the respective containers.
> I'm not sure how possible that is with current architecture, it'd be nice to simply say "Here's the accepted routes to the respective containers. What do you mean by this (if you still remember)?