You can, not all features will work though because with Traefik, if you use label-based routes you won’t be able to chain proxies
Yep it was a huge pain in the ass!
Thanks!
On syno a simple docker run will do it, there’s nothing “Specific” to syno AFAIK
Aside from freeing the ports 80/443 if you want to use them
Using an outdated version of a container (including DBs!) that has known vulnerabilities that will be very easy to exploit, including by bots, is so much worse than the risk of a container breaking after an update. Just monitor your server properly and you’ll be good
You need to set up the hostname in the Cosmos installer if that’s what you are asking. You can put your IP or something if you don’t have your domain yet
- I think domain is preferable for home servers because then you get subdomains for apps, which are easier and can also share the auth cookies for SSO
- you probably had a cached certificate
Truenas
Haven’t used it, but it looks like there is overlap.
Cosmos does not yet have storage management (but soon) and uses Docker instead of VM
I am considering Podman support but probably more next year when Cosmos is feature-complete for 1.0
Keep in mind it might be a challenge to do everything rootless but I will see what I can do
Another way of seeing it is, if Cosmos wasn’t a container it would see `/` anyway. It’s not extra access, it’s just a workaround for Docker
Cosmos is a fully fledged server management platform, as such it requires this access to the host server in order to operate.
`--privileged -v /:/mnt/host` is not as bad of a thing as you would think in that context, in fact it is equivalent to running a daemon like you would with any other alternative (CasaOS, Umbrel, etc…). Those are just requirements for Cosmos to run with the same level of exposure as those alternatives that are not Docker containers.
My only alternative would have been to make Cosmos a daemon and not a container, but then it would make install and maintenance harder
I understand your point, and yes ideally it would run as an isolated container, but it’s just not possible to have a supervisor software managing your server running in an isolated container with no container, it is contradictory
I propose as an alternative to run Cosmos with lower privileges, in which case some features will not work, but the default is to run Cosmos with the privileges it requires for all features to work as expected.
And the bottom line, the security benefits behind Cosmos for your average home-server outweigh by far this `--privileged -v /:/mnt/host`. Slight reminder that a very large portion of people running alternatives like Casa, Umbrel, etc… also expose those root daemons without even HTTPS or anything!
It does not include volume data, but backing up volumes is a planned feature too, it’s just a lot more difficult of a feature to develop :p
Basically backing up volumes is easy without Cosmos, it’s just a folder, but backing up your container is much harder, that’s why I added it in priority
It’s an interesting initiative, a bit of progress to do on the storytelling but I’m sure you’ll figure it out as you go, good luck with starting your blog
Keep in mind that not being accessible from the internet does not mean it is safe, as your local network is ALSO a very hostile environment with modern technologies (especially your PCs, smartphones, smart TVs, and so on). Make sure you use HTTPS, proper authentication and so on to protect your server
I think you’ve stumbled across a few of the huge issues with selfhosting
- Developing apps is too hard, you have all the difficulties of SaaS development but with the added difficulty of having to support people installing your app in various setups
- For the difficulty, the return on investment is low because the community is much smaller than what you can touch with a SaaS software
This causes the breadth of available apps to be quite shallow, and additionally, another factor that further threatens that diversity is that
- people get into self-hosting in one of two ways. Either to create an illegal media-center (in which case they install Plex, Jellyfin, *arr, download client, etc…) or to manage their documents in privacy (Nextcloud, etc…). Seems like you are type 2. This causes most projects to focus around those hot topics, without exploring other things (this year alone at least 4 photo album backup software projects started development…)
But this state of affairs is not sad or inflicting, it is natural for such a young community to take time to find itself, especially in this difficult setting (I know selfhosting is not new, but I call it young because only recently did it start becoming so popular). And there are solutions to those problems too. On my end, like many other talented people, I am working on technologies to improve this situation, and hopefully one day we will see a large diversity of applications growing, with much more accessible setup for people to run.
What I foresee will be big in the future
- Once we crack federation (I do not think the current state of the technology is good enough) social apps (video sharing, file sharing, social media alternatives, news sites, etc…) will be big
- Going back to news, once we improve the QOL of SH for public sites, news agglomeration is going to be big as well (for blogs and stuff)
- Any mobile/SaaS app could have a SH counterpart, that will automatically gain benefits from not being in the cloud. I’m thinking things like various task management, productivity tools, and of course, home automation is gonna be the bigger winner for being in the home already, therefore workable offline. An example of this is already happening with cooking/recipes apps (Mealie, Tandoor, Grocy, etc…) which benefit from being at home, private, and accessible from the family, and home-assistant.
- Finally, SH is going to supercharge the development of very niche software. It makes no sense to develop an entire SaaS offering for 100 users (ex. a software to manage your model train would be very niche) because you have to pay for a domain, servers, and so on… But a SH app could literally cost $0 to run (for the devs) while yielding minimal benefits (either from subs or donation).
Give it 2-3 years for that stuff to develop better. In 3 years this sub will be almost twice as big at 500k, and you will have 2-3 times the amount of apps available, that’s pretty much a guarantee
Tailscale is using “being open source” as a marketing term and it’s working. The coordination server is a centerpiece of the architecture, the client being open is meaningless
Another example of this is Plex, many people don’t actually know the fact that it went closed and that only the client is open source