Cosmos-Server

All-in-one self-hosted home server with SmartShield anti-DDoS, Nebula mesh VPN, automatic HTTPS, and a 250-app marketplace — all secured behind a unified auth layer.

6Kstars
232forks
Custom / Unknown
JavaScript

Cosmos-Server is a comprehensive self-hosted platform that turns any Linux machine, NAS, or Raspberry Pi into a fully secured, managed home server. Rather than patching together a reverse proxy, VPN, auth service, and app manager from separate tools, Cosmos integrates all of them behind a single web UI. Its SmartShield system — a stateful per-route request budget tracker — automatically blocks bots, throttles abusive IPs, and applies geo-restrictions without manual firewall rules, making it one of the few home server solutions that actively assumes the applications it runs may themselves be untrustworthy.

The platform ships with Constellation, an embedded Nebula overlay network that enables zero-trust device-to-device mesh networking without opening router ports or relying on Cloudflare. Combined with the built-in WireGuard-compatible VPN and OpenID Connect SSO, this means every service hosted on Cosmos benefits from strong identity and network-level security by default. Automatic Let’s Encrypt HTTPS, Docker container management with Compose support, Restic-based encrypted backups, and real-time monitoring complete the picture for operators who want production-grade reliability on commodity hardware.

Cosmos is built on a Go backend with an embedded lungo database (MongoDB-compatible, no separate daemon required) and a React 18 frontend with Material UI. A 250-app marketplace makes initial setup frictionless, while the modular architecture lets experienced users disable components they don’t need — running it purely as a reverse proxy, or purely as a container manager, without the rest of the stack in the way. The codebase is actively maintained with frequent releases and a growing community.

What You Get

  • App Marketplace - One-click installation of 250+ curated applications with automatic security audits, update notifications, and Docker Compose import support for non-marketplace apps.
  • SmartShield Anti-Bot/DDoS Engine - Stateful per-route request budget tracking that issues temporary and permanent IP bans based on adaptive thresholds, plus TCP-level protection for SSH, FTP, and game servers — not just HTTP.
  • Reverse Proxy with Automatic HTTPS - Domain-based routing to Docker containers, external servers, or static folders with automatic Let’s Encrypt certificate issuance and renewal via the ACME protocol.
  • Constellation Mesh VPN - Embedded Nebula overlay network enabling authenticated, zero-trust device-to-device tunneling across CGNAT without opening router ports, managed entirely from the Cosmos UI.
  • Authentication Server with MFA and SSO - Centralized user management with TOTP-based multi-factor authentication, email password resets, invitation-based onboarding, and OpenID Connect for single sign-on across hosted apps.
  • Container Manager - Full lifecycle control of Docker containers including start/stop, log streaming, environment variable editing, update monitoring, and Docker Compose support with security audit overlays.
  • Storage Manager - Local disk management with Parity Disk and MergerFS support for redundancy and pooled storage, plus an RClone-based network storage connector for Dropbox, NFS, FTP, and other remotes.
  • Restic Backup System - Scheduled, encrypted, incremental backups to local or remote repositories with restore functionality, managed through the web UI without CLI knowledge.
  • Real-Time Monitoring and Alerts - Persistent metrics collection for CPU, memory, disk, and per-container health stored in an embedded MongoDB-compatible database, with configurable alerts via email or webhook.
  • Customizable Homepage Dashboard - Unified launcher for all hosted services with custom icons, widgets, and layouts, configurable per user for shared family or small-team deployments.
  • CRON Scheduler - Web-based interface for scheduling tasks on the host or inside containers, replacing manual crontab editing for non-technical users.
  • Terminal Access - In-browser xterm.js terminal for direct shell access to the server or running containers, secured behind the same authentication layer as all other features.

Common Use Cases

  • Secure home media server - A household runs Plex, Jellyfin, and Audiobookshelf behind Cosmos’s reverse proxy and SmartShield, sharing access with family members through OpenID SSO and the Constellation VPN instead of exposing ports to the public internet.
  • Consolidated home lab - A developer replaces a fragmented Nginx Proxy Manager + Authelia + Portainer + Grafana stack with Cosmos, gaining a unified UI for proxying, authentication, container management, and monitoring while still retaining direct Docker CLI access for advanced use.
  • Small office intranet - A five-person team deploys internal tools — a CRM, file server, and project tracker — on a local machine with Cosmos enforcing MFA and role-based access, ensuring no data transits external networks and no passwords are shared manually.
  • IoT and camera hub - A smart home operator connects IP cameras and home automation controllers to Cosmos, using SmartShield to block internet scanners and Constellation to securely view feeds from mobile devices without a commercial VPN subscription.
  • CGNAT bypass for remote access - A user on a carrier-grade NAT network enables Constellation networking to reach their home server from anywhere without port forwarding, using the Nebula-based mesh as a lightweight alternative to a hosted VPN service.
  • Containerized service orchestration - A small SaaS operator self-hosts several Docker-based services on dedicated hardware, using Cosmos’s scheduler and marketplace to manage deployments, automatic HTTPS, and container health monitoring from a single interface.

Under The Hood

Architecture Cosmos runs as a monolithic Go binary with domain-segregated packages for Docker management, reverse proxy, authentication, constellation networking, backups, metrics, and app marketplace. Each subdomain owns its API handlers, but the boundaries are permeable — handlers frequently reach into a shared utils package for global configuration singletons and cross-cutting concerns. HTTP routing uses gorilla/mux with middleware chains for JWT authentication and go-chi rate limiting applied inline per route. The pro package stubs out cluster-scheduler features behind IsPro() gates, providing a clean extension seam; the rest of the system lacks similar abstraction points. Data flows from request handlers directly into business logic that mutates YAML configuration files or calls Docker SDK and embedded-MongoDB operations without repository or service layers between them.

Tech Stack The backend is written in Go 1.25, using gorilla/mux for HTTP routing, go-chi/httprate for request throttling, and lego/ACME for automatic Let’s Encrypt certificate management. Persistence uses lungo, an embedded MongoDB-compatible engine that requires no external daemon while supporting full Mongo query semantics. The Constellation subsystem shells out to Nebula binaries and uses NATS.io JetStream for cluster leader election and task distribution in the Pro tier. Authentication relies on JWT tokens with golang-jwt, bcrypt password hashing, and TOTP for MFA. The React 18 frontend combines Material UI v5, Redux Toolkit, ApexCharts for dashboard visualizations, xterm.js for in-browser terminal access, and i18next for internationalization, bundled with Vite and served as a static SPA embedded directly in the Go binary.

Code Quality Testing coverage is minimal: no Go test files exist anywhere in the backend codebase, and the single React test file is a shallow smoke test. Error handling is inconsistent across the Go layer — some handlers return typed HTTP error responses while others log and swallow errors silently. Type safety is undermined by extensive use of map[string]interface{} in configuration parsing and API handlers, which pushes validation errors to runtime rather than compile time. The frontend benefits from ESLint with airbnb-typescript rules and Prettier configuration, providing reasonable quality enforcement for JavaScript. No Go linting configuration was found, and CI artifacts focus on build and Docker image publication rather than test execution.

What Makes It Unique Cosmos’s most distinctive technical contribution is its Constellation network, which embeds the Nebula overlay protocol — originally developed at Slack for zero-trust internal networking — rather than wrapping WireGuard. This enables full mesh device authentication across CGNAT without open ports and supports multi-node cluster formation via NATS JetStream in the Pro tier. The SmartShield engine is a stateful, adaptive request-budget tracker that goes beyond rate limiting by modeling per-IP behavior patterns and issuing tiered bans, with TCP-level shielding extending the same logic to non-HTTP services. Using lungo as an embedded MongoDB-compatible store means operators gain persistent, queryable metrics and event history without running a separate database process. The combination of these capabilities in a single self-hosted binary, with an app marketplace and no vendor lock-in, distinguishes Cosmos from alternatives that address only one or two of these concerns.

Self-Hosting

Cosmos-Server is released under Apache 2.0 with two additional restrictive clauses: the Commons Clause and an Anti-Tampering Clause. The Commons Clause prohibits selling the software or a product whose value derives substantially from it — meaning you cannot offer Cosmos as a paid hosting service without negotiating a separate commercial license with the author. The Anti-Tampering Clause restricts modification of license enforcement logic. For self-hosters running it on their own hardware for personal or internal business use, these restrictions have no practical effect: you can use, modify, and run it freely without paying anything.

Operating Cosmos yourself means taking full responsibility for the server it runs on. The software manages Docker, certificates, user accounts, and network configuration on your behalf, which means it requires elevated privileges and broad system access. You are responsible for keeping the host OS and Cosmos itself updated, managing disk capacity for backup repositories and metrics storage, and ensuring your hardware remains available. The embedded lungo database, Nebula binaries, and Restic executable are bundled or fetched at first run, so initial setup has external network dependencies. Backups require a valid license check and cannot run inside a Docker container — they must run on the host directly.

There is no official hosted or managed version of Cosmos-Server that would provide SLAs, managed upgrades, or cloud-native HA. Community support is available via the project’s Discord server, and the author maintains a GitHub issue tracker. Compared to managed alternatives like Cloudron or commercial home-server appliances, you give up guaranteed uptime, professional support tiers, and automatic failover. The Pro tier adds cluster scheduling with NATS JetStream, multi-node deployments, and placement strategies, but it is implemented as open stubs in the public codebase — access to the actual Pro binaries requires contacting the project author directly.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search