Based on homepage, it shows permanently on a vertical monitor hanging off a bookshelf in my office.

link: https://github.com/azukaar/Cosmos-Server/

0.18 is out! And it is juicy!

https://preview.redd.it/b47y2yu3ebke1.png?width=1280&format=png&auto=webp&s=b2f151e4d2145f789691cbb6623cd8415af456ff

2 years ago, I started a journey to try and make self-hosting an accessible and safe alternative to SaaS product. Make servers reliable, well setup, and secured, for people to be able to manage their personal corner of the web, without sacrificing all their weekend and without sacrificing utility. Updates after updates, Cosmos has slowly built-up toward that goal, slowly adding important, large features such WAF, then VPN, then monitoring, etc... And finally, 2 years later, the final pillar of the Cosmos ecosystem has been built: backups! With this in, Cosmos is finally what I would consider to be an extensive but flexible 360 solution to self-hosting your digital life at home.

Additionally to this, other changes have been made to improve quality of life, with (among other things) a focus toward support for standalone, non-FQDN setups (basically improving support for .local and self-sign HTTPS certificate, with the new integrated CA)

As reminder, this is along-side the existing features:

• App Store 📦📱 To easily install and manage your applications, with simple installers, automatic updates and security checks. This works alongside manual installation methods, such as importing docker-compose files, or the docker CLI
• Storage Manager 📂🔐 To easily manage your disks, including Parity Disks and MergerFS
• Network Storages 📡📂 Based on RClone, To easily manage your network storages, including accessing remote ones (ex. Dropbox) or share NFS / FTP / ... from the UI, protected by the smart shield
• Reverse-Proxy 🔄🔗 Targeting containers, other servers, or serving static folders / SPA with automatic HTTPS, and a nice UI
• Authentication Server 🔐👤 With strong security, multi-factor authentication and multiple strategies (OpenId, forward headers, HTML)
• Customizable Homepage 🏠🖼 To access all your applications from a single place, with a beautiful and customizable UI
• Container manager 🐋🔧 To easily manage your containers and their settings, keep them up to date as well as audit their security. Includes docker-compose support!
• VPN 🌐🔒 To securely access your applications from anywhere, without having to open ports on your router.
• Monitoring 📈📊 Fully persisting and real-time monitoring with customizable alerts and notifications, so you can be notified of any issue.
• Identity Provider 👦👩 To easily manage your users, invite your friends and family to your applications without awkardly sharing credentials. Let them request a password change with an email rather than having you unlock their account manually!
• SmartShield technology 🧠🛡 Automatically secure your applications without manual adjustments (see below for more details). Includes anti-bot and anti-DDOS strategies. Now includes TCP protection (FTP, SSH, Games, ...)
• CRON 🕒🔧 To easily schedule tasks on the server or inside containers

https://preview.redd.it/i69tc9n4ebke1.png?width=1792&format=png&auto=webp&s=a9548d2c2c0344c8c717727b2d0d9cb476026a9d

New SSO Web Auth Gate

The Cosmos web auth gate is the feature that allows you to put a login screen on top of applications that do not have them included, or maybe have some less secure version (ex. just a http basic auth form). Thanks to this feature, you can put a proper secure login form in front of any page, with support for 2FA and so on. This was one of the first feature implemented in Cosmos, and it has been overhauled! The main change has been to change it from using a login form to using OpenID internally. The result is that it helps working around the browser limitation of cookies and domains.

Previously, if you had a Cosmos setup with multiple domains/sub-domains (ex cosmos.domain.com and app.domain.com) You would need to log into both those URLs separately (with the same account, but still) because the browser cannot share the cookies. it is now not required anymore, which is going to help a lot for people using .local domains. Also the login time has been extended to one week instead of 48h to ensure you dont need to login all the time.

https://preview.redd.it/0ivb6c7vebke1.png?width=1792&format=png&auto=webp&s=b9dee510acbccac629f88ca4826a96730dcc4694

SUDO Admin Mode

I was always worried about extending the session time (previously 48h) to a longer duration because your account can control everything on Cosmos... On the other hand, having to login all the time is frustrating! Starting 0.18, I was able to extend the duration of the session to one week (please note that means you are logged off after one week of inactivity, not after one week from login).

In order to keep your server safe, your session will now be a non-admin, sudo-able session, just like you would have in a Linux environment. You can use any of your apps normally, but if you want to do some admin stuff in the Cosmos dashboard, there is a new "Admin" button on the top right that allows you to sudo yourself temporarily into an admin to do maintenance work.

https://preview.redd.it/m5kdtbanfbke1.png?width=1920&format=png&auto=webp&s=b934591c1a282ae0208ff514a28d9e8e153769c0

https://preview.redd.it/sdujjczofbke1.png?width=1792&format=png&auto=webp&s=82110986d069d4bdfcfa0c0ae99d6d8c88a4a221

HTTPS Certificate Authority

Self-signed HTTPS certificates have a lot of shortcomings. You need to manually trust them in your browser, and some apps (especially in IOS, like Emby) straight out do not accept them. In 0.18, Cosmos now integrate and manages its own CA. This means, instead of manually trusting certs, you can trust the CA once on your device, and Cosmos will always use it to renew certs.

This will solve most issues self-signed certs will have! Again, a huge leap forward to allow using .local domains instead of FQDN. Any of your user can go to the "trust" tab and trust the CA themselves on their device:

https://preview.redd.it/2cpp3vo7gbke1.png?width=1920&format=png&auto=webp&s=d06476284ed5a466aea5af54bae478ae129bc467

https://preview.redd.it/y4tkws79gbke1.png?width=1792&format=png&auto=webp&s=d164479c37a08700d502b91c30835b912c734363

Backups

The star of the show: Backups! Backups are a critical part of any system. In the event of a catastrophic failure, backups are the main way to recover your data. It is important to have a backup strategy in place to ensure that your data is safe and secure.

Cosmos includes an entire backup system that allows you to easily create and manage backups of your data. This system is designed to be flexible and easy to use, allowing you to create backups on a schedule or manually. The backups are also encrypted for your security.

It uses Restic under the hood, allowing you more control, even if you were to stop using Cosmos. Please note that this is part of the premium version of Cosmos!

https://preview.redd.it/byha4s9ugbke1.png?width=1920&format=png&auto=webp&s=c761598e9f4247ce77d31f4cc8c4f55dd1a3a0cc

Navigate the snapshots and restore data (fully or partially) in the original folder or elsewhere

https://preview.redd.it/h7d3s2vugbke1.png?width=1920&format=png&auto=webp&s=c2d39dde1ba496606a120a945a42aa8dc3016dd0

The Integration between Rclone and Restic allows you to seamlessly backup any folder into any remote storage supported by RClone (which you can also manage from the Cosmos UI!).

https://preview.redd.it/cxw7z6vzgbke1.png?width=1137&format=png&auto=webp&s=ffc5fe3ad6b84454685f7a1e3c9f3b48bab235a3

Conclusion

This update is yet again a huge leap forward in term of quality of life, and the backup feature wraps up two years of intensive work on feature implementation for Cosmos. Moving forward, the focus will be shifted slightly toward improving existing feature, improving stability, and implementing smaller feature, like the lazy container feature. The only big feature I can think of I'd like to implement sometime in the future are custom dashboard. Something else that I want to focus on eventually, is integration with apps. Finally, a lot of work is left to do in Constellation to improve the VPN feature.

But until then, I am going to take a breather, appreciate and be grateful what we've all been able to achieve together. Cosmos is a HUGE ambitious project, and I still cannot believe how far it has come. As I always say, thanks for all of you, your trust and your support!

Changelog

 - UI to backup and restore containers/folders/volumes using Restic - Implements sudo mode - your normal token last longer, but you need to "sudo" to do admin tasks - Re-Implements the SSO using openID internally - fixes issue where you need to re-loging when app are on different domains (because of browser cookies limitations) - Implements local HTTPS Certificate Authority, to locally trust self-signed certificates on devices - Added new folder button to file picker - Cosmos now waits for CRON jobs to be over before restarting the server - Fixed bug with RClone storage duplication in the UI - Implements hybrid HTTPS with public and self-signed certificates switched on the fly - OpenID now returns more info in case of errors when Cosmos is in debug mode - Localizations improvements (Thanks @madejackson) - Improved local IP detection (Thanks @r41d) - Updated LEGO to 4.21.0 - Largely improved the experience of non-admin users (extra errors should all be gone) - Fixed file picker prefix issue in docker container - Added OpenID IDTokenSigningAlgValuesSupported - Added protocol in openid discovery endpoint - Fix RClone not starting (hopefully) - Added traditional Chinese translation - Avahi now ignores virtual interfaces - Fixed bug preventing the local mDNS broadcaster from publishing over 17 entries - Fixed bug with restarting slave Constellation node's Nebula process - UI to backup and restore containers/folders/volumes using Restic - Implements sudo mode - your normal token last longer, but you need to "sudo" to do admin tasks - Re-Implements the SSO using openID internally - fixes issue where you need to re-loging when app are on different domains (because of browser cookies limitations) - Implements local HTTPS Certificate Authority, to locally trust self-signed certificates on devices - Added new folder button to file picker - Cosmos now waits for CRON jobs to be over before restarting the server - Fixed bug with RClone storage duplication in the UI - Implements hybrid HTTPS with public and self-signed certificates switched on the fly - OpenID now returns more info in case of errors when Cosmos is in debug mode 

Hey everyone,

I’ve been working a project that I believe could help shift control of personal data back into the hands of users—introducing SPHERE: Secure Peer-to-Peer Hosted Encryption Record Exchange.

SPHERE is a fully decentralized, encrypted contact and identity framework that eliminates the need for central servers. It’s designed from the ground up with privacy, security, and scalability in mind, making it a foundation for apps that prioritize user control over data.

What Does SPHERE Do?

• Decentralized Identity Management: Each user controls their own data and contact list, shared only with approved peers.
• End-to-End Encryption by Default: Communication is fully encrypted with AES-256, RSA-2048, and ECDSA signatures to ensure secure and private interactions.
• Distributed Hash Table (DHT): Built-in decentralized storage for efficient peer discovery and secure contact management.
• Sybil-Resistant Proof-of-Work Token System: Protects the network from spam and bot attacks without the need for financial incentives or mining.
• Cross-Platform Support (Coming Soon): Currently optimized for .NET 8 with plans to extend support for Java and mobile platforms (Android/iOS).

How Can You Use SPHERE?

• Self-hosted contact manager → Own your contact list, share only with trusted contacts.
• End-to-end encrypted messaging → Build decentralized messaging systems without relying on centralized servers.
• Secure identity verification → Use cryptographic proofs instead of third-party logins (no more "Sign in with Google").
• Privacy-focused app backbone → Developers can build apps on SPHERE’s decentralized, zero-trust architecture.

Documentation & Resources

• GitHub Repository: SPHERE on GitHub
• Wiki & Technical Documentation: SPHERE Wiki
• Architecture Overview: SPHERE Architecture
• Getting Started Guide: Setup & Use

Why SPHERE?

Centralized platforms (even some decentralized projects) still rely on federated servers or third-party infrastructure. SPHERE aims to:

• Eliminate central points of failure
• Allow users to fully control their personal data
• Create a privacy-first framework for future decentralized applications

Looking for Feedback & Contributors

I’ve been developing SPHERE for about a month, and I’m now looking for feedback from this community:

• If you’re a developer interested in decentralized networks, encryption, or peer-to-peer systems, I’d love your thoughts.
• If you want to contribute, feel free to dive into the GitHub or suggest improvements.
• If you’re a privacy advocate or security researcher, I’m open to suggestions for improving SPHERE’s security model.

Quick Links

• Security Features
• Use Cases
• Future Plans for SPHERE

TL;DR:

SPHERE is an open-source, fully decentralized framework designed for privacy-first communication, contact management, and identity verification. It’s built to ensure that users own their data, not corporations or third parties.

I’m excited to hear your thoughts and collaborate with anyone interested in pushing decentralized technology forward!

Ask me anything!

Max, Marc and Clemens here, founders of Langfuse (https://langfuse.com), an open-source LLM engineering platform. We wanted to introduce our project to you all and share some updates.

What is Langfuse?

Langfuse is an open-source (MIT license) platform that helps teams collaboratively build, debug, and improve their LLM applications. It provides tools for language model tracing, prompt management, evaluation, datasets, and more—all natively integrated to accelerate your AI development workflow. (Feature overview: https://langfuse.com/docs)

+2,500 Active Deployments

We’re excited that there are now over 2,500 active deployments of Langfuse! The support from the community has been incredible.

One of our goals is to make Langfuse as easy as possible to self-host. Whether you prefer running it locally, on your own infrastructure, or on-premises, we’ve got you covered. We provide detailed self-hosting guides (https://langfuse.com/self-hosting) for various deployment scenarios, including:

• Local Deployment: Get up and running in 5 minutes using Docker Compose.
• VM Deployment: Run Langfuse on a single VM.
• Docker and Kubernetes (Helm): For scalable and production-ready setups.

Langfuse v3

We released Langfuse v3 a couple of weeks ago, which brings significant improvements in performance, scalability, and reliability: https://langfuse.com/changelog/2024-12-09-Langfuse-v3-stable-release

Previous Setup (v2)

https://preview.redd.it/xfg2o5v41ike1.png?width=813&format=png&auto=webp&s=7201f3f21149bb183ae602c31923601ba53f5377

In v2, Langfuse relied primarily on PostgreSQL for both transactional and analytical workloads. While this worked for smaller deployments, we faced challenges scaling to handle larger volumes of data and higher throughput.

New Setup (v3)

https://preview.redd.it/ipwdosj21ike1.png?width=1164&format=png&auto=webp&s=499feb0c767758597de4f249bc410cf942cac478

With v3, we’ve overhauled the architecture to optimize for high performance and scalability:

Application Containers:

• Langfuse Web: The main web application serving the UI and APIs.
• Langfuse Worker: Processes events asynchronously to offload heavy processing tasks.

Storage Components:

• PostgreSQL: Handles transactional workloads.
• ClickHouse: A high-performance OLAP database storing traces, observations, and scores.
• Redis/Valkey: An in-memory data store used for queuing and caching.
• S3/Blob Store: Stores incoming events, multi-modal inputs, and large exports.

Main Improvements in v3:

Performance:

• ClickHouse Integration: Optimized for handling large-scale analytical queries efficiently.
• Asynchronous Processing: The worker container ensures that heavy tasks don’t block the main application.
• Caching Mechanisms: Redis is used for caching API keys and prompts, reducing latency and database load.

Scalability and Reliability:

• Queued Trace Ingestion: Handles high spikes in request load without timeouts or errors.
• Event Recoverability: Incoming events are persisted in S3 before processing, ensuring data isn’t lost even if the database is temporarily unavailable.

New Features in v3:

• LLM-as-a-Judge Evaluators: Run scalable and reliable evaluations directly within Langfuse.
• Prompt Experiments: Test and compare different prompts against datasets.
• Batch Exports: Export large amounts of data easily.

You can check out our new self-hosting documentation (https://langfuse.com/self-hosting) to get started, or let Marc explain to you how to start Langfuse in 5 minutes using Docker Compose (https://youtu.be/we52x5-a_Acv).