Link: github.com/azukaar/cosmos-Server/
Cosmos 0.11.0 is out with a new backup system to export all your docker containers! The Linux and Mac clients are also out for some early testing, please share your feedback!
The new backup system works by reading the list of containers on your server and exporting a single compose file, with all the setup you need to recreate (in case of crash) or migrate your server.
The backup system triggers on every docker change, including changes you’ve made outside of Cosmos (ex. Portainer, etc…).
It outputs to a single file in your config folder, which you can backup with various strategy to keep a history of your docker containers state!
As a reminder, this exists alongside the existing features:
- App Store 📦📱 To easily install and manage your applications, with simple installers, automatic updates and security checks
- Customizable Homepage 🏠🖼 To access all your applications from a single place, with a beautiful and customizable UI
- Reverse-Proxy 🔄🔗 Targeting containers, other servers, or serving static folders / SPA with automatic HTTPS, and a nice UI
- VPN 🌐🔒 To securely access your applications from anywhere, without having to open ports on your router.
- Authentication Server 👦👩 With strong security, multi-factor authentication and multiple strategies (OpenId, forward headers, HTML)
- Container manager 🐋🔧 To easily manage your containers and their settings, keep them up to date as well as audit their security. Includes docker-compose support!
- Identity Provider 👦👩 To easily manage your users, invite your friends and family to your applications without awkardly sharing credentials. Let them request a password change with an email rather than having you unlock their account manually!
- SmartShield technology 🧠🛡 Automatically secure your applications without manual adjustments (see below for more details). Includes anti-bot and anti-DDOS strategies.
As always, eager to get some feedback on this release, here’s the rest of the changelog:
- Docker export feature for backups on every docker event
- Disable support for X-FORWARDED-FOR incoming header (needs further testing)
- Compose Import feature now supports skipping creating existing resources
- Compose Import now overwrite containers if they are differents
- Added support for cosmos-persistent-env, to persist password when overwriting containers (useful for encrypted or password protected volumes, like databases use)
- Fixed bug where import compose would try to revert a previously created volume when errors occurs
- Terminal for import now has colours
- Fix a bug where ARM CPU would not be able to start Constellation
happy hosting!
Looks and feels decent.
One major thing unless I am blind, Sabnzbd is not in the marketplace, but nzbget is, which has been abandoned so could lead to security risks?
You are correct, and Sab is due to be added
If it weren’t a Docker/Portainer replacement and were solely responsible for security, I would use it. Multiple applications are needed to have all the good security measures that you have implemented in one application.
Docker is an important ingredient in the mix, to isolate the applications completely, and make things much more streamlined than traditional VM, but I understand if it’s not for everyone!
noob question but would I be able to install this on a free-tier VPS and use it to manage content on a seedbox (without root access) and services on my local network?
You need root access to manage docker containers that’s (almost) unavoidable. Also Cosmos does not support managing remote docker instances. On the other hand, a good (and secure) pattern is to use Constellation (the integrated VPN) on 2 servers with cosmos installed on each. you can connect them together. One of the servers (the seedbox) is the main server running services but it is not exposed on the internet and the only way to access it is to connect to the VPN on the other VPS
I’ve tried a number of these “stacks” and some have great communities and others not so much. But the peeps with Cosmos are amongst the very best. Extremely helpful. Cosmos and YAMS are the best IMHO.
Installed this on my VPS a couple of days back. Look and feel fantastic and functionality like a swiss army knife. I temporarily had to turn off my container and turn back npm on. I definitely want to spend time this week to make this up and running.
- Is there any guidance on if a subdomain is preferred over the domain ? For the first time, I used my main domain. And it somehow broke my existing let’s encrypt certificate. I purged the folders and did a clean reinstall, this time on a subdomain. Works but somehow the certificate broke again. (Too many certificates or something like this)
- Could this be because I clicked “new certificate” while I had temporarily turned off my NPM containers to try Cosmos ?
- I think domain is preferable for home servers because then you get subdomains for apps, which are easier and can also share the auth cookies for SSO
- you probably had a cached certificate
Thanks. For VPS then can I ignore the domain field during setup, and do a reverse proxy later to the cosmos container (via cosmos reverse proxy) to access it via the web ?
You need to setup the hostname in the Cosmos installer if that’s what you are asking. You can put your IP or something if you dont have your domaoin yet
No I have a domain already, and that’s what I did during the first try. I have a blog (docker container with ghost) on XYZ.com. As soon as I installed cosmos, that blog went away and got replaced with cosmos as the host started pointing to the docker container of cosmos.
This is why I would like to install cosmos on my subdomain.
Question is can I install cosmos on - cosmos.xyz.com ? Or is it a requirement to have it on XYZ.com entered during setup ?
Hey! I’ve been recently getting into VPN and 2fa and could you give me a eli15 for this? How does this work?
I currently have my entire server port forwarded and reverse proxied on port 80 and a duckdns domain, with homepage running on port 80. After implementing this, will port 80 be taken over by cosmos?
The VPN part is basically a “secret” (encrypted) tunnel between multiple devices/servers. Whenever one device wants to talk to your server, it sends messages via the tunnel, and on the other end, the tunnel dispatch the message to the right port. Using this, you have access to your server without exposing all your ports, so only people connected to your VPN can see it. Keep in mind this is different than a traditional VPN who transfer all your data to the server to hide your IP. Here only the traffic to your server is tunneled. This way your other activities are not affected (performance wise especially)
2FA uses any authenticator app (the one where you scan a QR code and get a 6 digits number) to protect your account. If someone gets your password, they still cant login because they also need your phone (unlocked) to get the 6 digits (it changes every 30 secs)
Does it support Podman or is it just Docker? If it’s just Docker, please consider Podman support as it’s open source and most secure by default thanks to running as a user instead of as root yet is almost completely compatible with Docker.
I am considering Podman support but probably more next year when Cosmos is feature-complete for 1.0
Keep in mind it might be a challenge to do everything rootless but I will see what I can do
Excellent! Good to hear it may be on the way!
Wow this is interesting. Gotta try this tonight.
looks very cool, will have to give it a good go, thanks for all the effort! :)
Thanks!!
Wait, just to be clear, is this basically like what Truenas’ apps does, but standalone? Cause holy shit I was looking for something like this for a while. Does it support mounting network drives via NFS?
Truenas
Haven’t used it, but it looks like there are overlap.
Cosmos does not yet have storage management (but soon) and uses Docker instead of VM
So Cosmos is basically just a pre-configured docker app “store”? How do you decide which containers go into the apps menu? Why does the descriptions in Github feel like it uses boldtext for some fearmongering?
Dope, it’s only for Docker tho.
Docker is an important ingredient in the mix, to isolate the applications completely, and make things much more streamlined than traditional VM, but I understand if it’s not for everyone
would it be possible to move from portainer+ caddy to cosmos ? i’m more concerned about path mapping.i have everything in different folders.
You dont need to do anything to migrate, Cosmos will just work with Portainer, including just picking up your existing containers
Does it support podman? ideally as non root
I just got into selfhosted using Cosmos and I’d like to cause it makes everything less overwhelming
This is a wonderful way of describing something I was looking for.
Going to give this a shot. Fingers crossed lol.
Glad to hear it :)
Okay i didnt knew about this and looks amazing