Cosmos-Server is a comprehensive self-hosted home server platform designed to secure and manage personal applications like Plex, HomeAssistant, and blogs without sacrificing ease of use. It addresses the growing risk of vulnerable self-hosted services by integrating security features—such as multi-factor authentication, anti-bot defenses, and automatic HTTPS—directly into the server gateway. Unlike traditional solutions that lock users into their ecosystem, Cosmos works with any Docker container or existing service, providing a unified interface while preserving full control over your infrastructure. It’s ideal for home users and hobbyists who want enterprise-grade security without complex configuration or vendor lock-in.
Built with modularity in mind, Cosmos combines a web-based UI with terminal-compatible commands to serve both beginners and advanced users. It supports Docker Compose, RClone-based network storage, VPN access via WireGuard, and intelligent threat detection through its SmartShield technology. All features are designed to protect your data at rest and in transit, with end-to-end encryption for backups and no reliance on third-party cloud providers for security.
What You Get
- App Store - Install, update, and manage applications with one-click installers or import existing Docker Compose files. Includes automatic security checks and version monitoring.
- Reverse-Proxy with Automatic HTTPS - Expose services via a secure reverse proxy that automatically provisions Let’s Encrypt SSL certificates. Supports static sites, SPAs, and containerized apps.
- Authentication Server with MFA & OpenID - Centralized login with multi-factor authentication and support for OpenID Connect, allowing SSO across all hosted services.
- SmartShield Technology - Automated anti-bot and anti-DDOS protection with IP rate limiting, geo-blacklisting, TCP-level filtering (SSH, FTP), and behavioral analysis to block malicious traffic without manual rules.
- Container Manager - Monitor, start/stop, and audit Docker containers with built-in update notifications and security vulnerability scanning.
- Storage Manager - Manage local disks with support for MergerFS and Parity Disks to combine and protect storage volumes.
- Network Storage (RClone) - Mount remote storage like Dropbox, Google Drive, or NFS shares via a secure web UI with SmartShield protection.
- VPN (WireGuard) - Securely access your home network from anywhere without port forwarding, with mesh and CGNAT bypass support.
- Backups with Restic - Schedule incremental, encrypted backups to local or remote destinations (e.g., S3, Backblaze) with automatic verification and retention policies.
- Monitoring & Alerts - Real-time system monitoring with historical data graphs, customizable thresholds, and notifications via email or Discord.
- Identity Provider - Manage multiple user accounts with invite links, password reset requests via email, and granular access controls per application.
- CRON Scheduler - Run scheduled tasks on the host or inside containers via a web interface, with logs and execution history.
- Modular Architecture - Run only the components you need (e.g., disable Docker or HTTPS) without affecting other features.
Common Use Cases
- Building a secure media server with Plex and HomeAssistant - Install both apps via the App Store, apply automatic HTTPS and MFA to their interfaces, then use SmartShield to block bot scans targeting known vulnerabilities in Plex or HA plugins.
- Securing a home blog or portfolio site - Deploy a static site using Nginx in Docker, expose it via Cosmos’s reverse proxy with automatic Let’s Encrypt SSL and IP rate limiting to prevent brute-force attacks.
- Problem → Solution flow: Unsecured NAS exposed to the internet → Full security stack with Cosmos - A user exposes their Synology via port forwarding and gets targeted by bots. They install Cosmos, migrate services to Docker containers, enable SmartShield for TCP protection on SSH and FTP, then disable direct port access entirely.
- Team/home shared server with multiple users - A family shares a home server running Plex, Nextcloud, and a personal wiki. Each member gets their own Cosmos account with MFA, granular app access permissions, and encrypted backups—all managed from a single dashboard.
Under The Hood
Azukaar Cosmos Server is a full-stack web application designed for containerized system administration, offering integrated tools for managing Docker containers, storage systems, backups, and proxy configurations through a unified web interface. It combines a Go-based backend with a React/TypeScript frontend to deliver a modular and extensible platform for modern infrastructure management.
Architecture
Azukaar follows a modular architecture with clear separation between frontend and backend components, emphasizing component-based UI design and service-oriented backend logic.
- Monolithic architecture with distinct frontend and backend layers, enabling scalable system management
- Well-defined modules for authentication, container orchestration, storage handling, and backup operations
- Middleware-based security model with hostname validation, CORS handling, and authentication layers
- REST-like API design that supports both admin and user-level access with proper endpoint segregation
Tech Stack
Azukaar leverages a modern full-stack technology ecosystem to support robust container and system management.
- Backend built in Go with Gorilla Mux router and standard library for efficient API handling and container operations
- Frontend developed using React, TypeScript, and Material UI components with extensive use of MUI and Ant Design
- Comprehensive dependency management using npm, with integration for Docker containerization and system orchestration
- Vite-based build pipeline and testing frameworks including Jest and React Testing Library for frontend validation
Code Quality
The project demonstrates solid code organization and error handling practices, though some inconsistencies exist across the dual-language stack.
- Extensive middleware usage for security and request handling, ensuring consistent authentication and logging
- Consistent error handling with detailed status codes and structured logging across backend services
- Modular frontend architecture with reusable components and clear separation of concerns in UI logic
- Limited test coverage across the codebase, though core functionalities show some testing integration
What Makes It Unique
Azukaar distinguishes itself through its integrated approach to system administration, combining container orchestration with storage and backup capabilities.
- Built-in backup solution powered by Restic, offering repository and snapshot management within the platform
- Multi-protocol container support including Docker and custom compose handling for flexible deployment options
- Comprehensive storage management with RAID, mergerFS, and disk formatting tools for advanced users
- Self-signed certificate handling and hostname validation as part of its built-in security framework