Link: github.com/azukaar/cosmos-Server/
Cosmos 0.11.0 is out with a new backup system to export all your docker containers! The Linux and Mac clients are also out for some early testing, please share your feedback!
The new backup system works by reading the list of containers on your server and exporting a single compose file, with all the setup you need to recreate (in case of crash) or migrate your server.
The backup system triggers on every docker change, including changes you've made outside of Cosmos (ex. Portainer, etc.).
It outputs to a single file in your config folder, which you can back up with various strategies to keep a history of your docker containers' state!
As a reminder, this exists alongside the existing features:
- App Store: To easily install and manage your applications, with simple installers, automatic updates and security checks
- Customizable Homepage: To access all your applications from a single place, with a beautiful and customizable UI
- Reverse-Proxy: Targeting containers, other servers, or serving static folders / SPA with automatic HTTPS, and a nice UI
- VPN: To securely access your applications from anywhere, without having to open ports on your router.
- Authentication Server: With strong security, multi-factor authentication and multiple strategies (OpenId, forward headers, HTML)
- Container manager: To easily manage your containers and their settings, keep them up to date as well as audit their security. Includes docker-compose support!
- Identity Provider: To easily manage your users, invite your friends and family to your applications without awkwardly sharing credentials. Let them request a password change with an email rather than having you unlock their account manually!
- SmartShield technology: Automatically secure your applications without manual adjustments (see below for more details). Includes anti-bot and anti-DDOS strategies.
As always, eager to get some feedback on this release, here's the rest of the changelog:
- Docker export feature for backups on every docker event
- Disable support for X-FORWARDED-FOR incoming header (needs further testing)
- Compose Import feature now supports skipping creating existing resources
- Compose Import now overwrites containers if they are different
- Added support for cosmos-persistent-env, to persist password when overwriting containers (useful for encrypted or password protected volumes, like databases use)
- Fixed bug where import compose would try to revert a previously created volume when an error occurs
- Terminal for import now has colours
- Fix a bug where ARM CPU would not be able to start Constellation
Happy hosting!
I think the other poster is more pointing out why not have -v /CasaFolder:/mnt/host or something similar. I've been in the IT sector for a while and I view that if you have to use a workaround instead of actually solving the problem, there is an issue with your tooling or solution. Secondly, I see your point but I also agree with the other poster. There's tons of security vulnerabilities announced and used on a daily basis and you should never have permissions to things you don't need. Is there a reason why the user couldn't just have a note in docs to say if you want to do X then mount this way? It's a few more lines and doesn't give an insecure by default config right from the get go for users that otherwise wouldn't know better.
Don't get me wrong, I am fully aware that you need to reduce as much as possible the amount of access something has but as you said:
> you should never have permissions to things you don't need

Well, Cosmos needs to see your files if you want Cosmos to manage your files. It's that simple. By default it's on because it is needed for Cosmos to function. You can remove it, but at the expense of some of the functionalities of the server.
By the way, Cosmos, as a Docker management software, has access to your docker socket. Which means, you can remove anything you want from the container, technically, it can add it back itself. Having access to the socket means being able to manage the containers, including itself. In other words, having this mount in the docker run command is just a comfort thing, but in terms of privilege, whether it's Cosmos or Portainer or any other docker manager, they have full root access to your system and that's unavoidable.
> why not have -v /CasaFolder:/mnt/host or something similar

Because it would require users to always update their Cosmos containers to add additional folders all the time, giving a terrible and very error-prone user experience.
If there is a solution out there that solves that problem (as in allows Cosmos to continue to work the same without that mount) then I will gladly implement it. But as far as I can see there isn't such a solution.
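The argument in the reply above (a container holding the Docker socket is root-equivalent whether or not a host folder is also mounted) can be checked by auditing `docker inspect` output. This is an added example, not part of the thread or of the Cosmos code base; the container names, paths and the `/` to `/mnt/host` mount in the sample are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker inspect` output; names and paths are made up.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/manager", "HostConfig": {"Privileged": false}, "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true},
   {"Type": "bind", "Source": "/", "Destination": "/mnt/host", "RW": true}]},
 {"Name": "/manager-trimmed", "HostConfig": {"Privileged": false}, "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": false}]},
 {"Name": "/media", "HostConfig": {"Privileged": false}, "Mounts": [
   {"Type": "bind", "Source": "/srv/media", "Destination": "/media", "RW": false}]},
 {"Name": "/db", "HostConfig": {"Privileged": false}, "Mounts": [
   {"Type": "volume", "Source": "/var/lib/docker/volumes/db-data/_data", "Destination": "/var/lib/db", "RW": true}]}
]""")

SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

def host_access(container):
    """List the ways one inspected container can reach the host."""
    findings = []
    if container.get("HostConfig", {}).get("Privileged"):
        findings.append("privileged")
    for mount in container.get("Mounts", []):
        if mount.get("Type") != "bind":
            continue  # named volumes stay inside Docker's own storage
        source = mount.get("Source", "")
        mode = "rw" if mount.get("RW") else "ro"
        if source in SOCKET_PATHS:
            # The mount's ro flag does not restrict API calls sent over the socket.
            findings.append("docker-socket")
        elif source == "/":
            findings.append(f"host-root:{mode}")
        else:
            findings.append(f"bind:{source}:{mode}")
    return findings

def root_equivalent(findings):
    """True when any single finding already amounts to root on the host."""
    return any(f in ("privileged", "docker-socket", "host-root:rw") for f in findings)

def audit(containers):
    """Map container name -> (findings, root_equivalent) for a whole inspect dump."""
    results = [(c["Name"].lstrip("/"), host_access(c)) for c in containers]
    return {name: (f, root_equivalent(f)) for name, f in results}

if __name__ == "__main__":
    for name, (findings, rooty) in audit(SAMPLE_INSPECT).items():
        print(f"{name:16} root-equivalent={rooty!s:5} {findings}")
```

On a real host, pass `audit()` the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample.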