diff --git a/README.md b/README.md index f42e026..3880a0f 100644 --- a/README.md +++ b/README.md @@ -25,18 +25,60 @@ It does **not** validate your environment or attempt to preserve existing config --- -## 🚀 Installation -On a fresh Debian 12 system, clone the password-manager repository and then run: +## 🚀 Getting Started -```bash -./installer.sh -``` +1. Deploy this appliance on a fresh **Debian 12** machine (VM or bare-metal). +2. Run: + ```bash + ./installer.sh + ``` +3. Once complete, open a browser and visit: -After installation: -- Access the appliance at `http:///` -- Go to `/activate` to complete first-time configuration -- After submitting the form, Vaultwarden will use your custom settings + ``` + https:///activate + ``` + + DO NOT omit this step. Doing so would be an extreme security risk. +4. Copy the admin token provided and store it somewhere safe. +5. Visit: + + ``` + https:///admin + ``` + + to begin using the Vaultwarden admin interface. +5. Visit: + + ``` + https:/// + ``` + + to begin using Vaultwarden. + +--- + +## 🔐 Security Notes + +- This appliance uses **self-signed SSL certificates** by default. If hosting on a domain, Let's Encrypt `certbot` is included. You can run `certbot --nginx` to obtain and install HTTPS certificates automatically. Make sure your domain points to this server before running the command. +- Accessing the web interface **requires HTTPS** — HTTP requests are automatically redirected. +- The **admin token is hashed using Argon2ID** and cannot be retrieved later. If lost, delete `/opt/vaultwarden/.setup-complete` to regenerate using `/activate`. +- Ensure you complete `/activate` immediately after setup to prevent unauthorized configuration. + +--- + +## 💾 Backup Recommendations + +To safely back up your Vaultwarden appliance, include the following: + +- `/opt/vaultwarden/` — Vaultwarden binary, `web-vault`, and persistent config. +- `/var/lib/vaultwarden/` — Environment file (`.env.user`) and state flag (`.setup-complete`). +- **Database backup:** Use `mysqldump` to regularly export the `vaultwarden` database, and then backup that file to your backup set. Example dump: + ```bash + mysqldump vaultwarden > /root/vaultwarden-backup.sql + ``` + +Backups should be performed routinely and securely stored. ---