Cosmos Server — Secure Self-Hosted Home Server Platform

Introduction

Cosmos Server is an all-in-one self-hosted home server platform that combines a reverse proxy, authentication layer, container management, and security hardening into a single application. It simplifies running self-hosted services by handling HTTPS certificates, SSO, DDoS protection, and Docker container orchestration through one unified dashboard.

What Cosmos Server Does

• Provides a built-in reverse proxy with automatic Let's Encrypt HTTPS certificate management
• Adds authentication and single sign-on to any self-hosted application without modification
• Manages Docker containers with a web UI for deploying and configuring services
• Protects services with anti-DDoS, anti-bot, and geo-IP blocking at the proxy level
• Offers a marketplace of one-click installable self-hosted applications

Architecture Overview

Cosmos Server is a Go application that integrates multiple subsystems into a single binary. The reverse proxy component handles TLS termination, request routing, and rate limiting. The authentication layer provides OpenID Connect-based SSO with support for multi-factor authentication. Container management communicates with the Docker socket to deploy, monitor, and update containers. All configuration is stored in a MongoDB database, and the web UI is a React application served by the Go backend.

Self-Hosting & Configuration

• Run as a Docker container with access to the Docker socket for container management
• Complete the setup wizard on first launch to configure the admin account and domain
• Set your domain name and enable automatic HTTPS via Let's Encrypt integration
• Add applications through the built-in marketplace or configure custom container deployments
• Enable security features like geo-IP blocking, rate limiting, and bot detection in the security panel

Key Features

• Integrated reverse proxy with automatic HTTPS and Let's Encrypt renewal
• Single sign-on authentication added transparently to any proxied application
• Anti-DDoS and anti-bot protection with configurable rate limiting and geo-blocking
• Docker container management with monitoring, logs, and one-click updates
• Application marketplace with pre-configured self-hosted service templates

Comparison with Similar Tools

• Coolify — PaaS focused on app deployment; Cosmos adds security hardening and SSO as core features
• Traefik — Pure reverse proxy; Cosmos bundles authentication, container management, and security in one platform
• Portainer — Docker management UI; Cosmos adds reverse proxy, SSO, and security protection layers
• Nginx Proxy Manager — Simple proxy UI; Cosmos provides deeper integration with auth, security, and app management
• CasaOS — Home server dashboard; Cosmos focuses more on security with anti-DDoS and geo-blocking capabilities

FAQ

Q: Does Cosmos Server require privileged mode? A: Privileged mode is recommended for full container management but not strictly required for basic reverse proxy functionality.

Q: Can I use Cosmos with existing Docker Compose setups? A: Yes, Cosmos can proxy to existing containers on the same Docker network without managing them directly.

Q: How does the SSO work with third-party apps? A: Cosmos adds an authentication layer at the proxy level. Users log in once, and Cosmos forwards authenticated requests to backend services.

Q: What happens if Cosmos goes down? A: Since Cosmos acts as the reverse proxy, proxied services become inaccessible externally until Cosmos is restored.

Sources

• https://github.com/azukaar/Cosmos-Server
• https://cosmos-cloud.io