Revisions
- Replace installation section with a Getting Started, which helps clarify the activation process. - Clarify security notes with a new section, also including info about Let's Encrypt. - Add info about backup recommendations.
This commit is contained in:
54
README.md
54
README.md
@ -25,18 +25,60 @@ It does **not** validate your environment or attempt to preserve existing config
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 🚀 Installation
|
|
||||||
|
|
||||||
On a fresh Debian 12 system, clone the password-manager repository and then run:
|
## 🚀 Getting Started
|
||||||
|
|
||||||
|
1. Deploy this appliance on a fresh **Debian 12** machine (VM or bare-metal).
|
||||||
|
2. Run:
|
||||||
```bash
|
```bash
|
||||||
./installer.sh
|
./installer.sh
|
||||||
```
|
```
|
||||||
|
3. Once complete, open a browser and visit:
|
||||||
|
|
||||||
After installation:
|
```
|
||||||
- Access the appliance at `http://<your-appliance-ip>/`
|
https://<your-server-ip>/activate
|
||||||
- Go to `/activate` to complete first-time configuration
|
```
|
||||||
- After submitting the form, Vaultwarden will use your custom settings
|
|
||||||
|
DO NOT omit this step. Doing so would be an extreme security risk.
|
||||||
|
4. Copy the admin token provided and store it somewhere safe.
|
||||||
|
5. Visit:
|
||||||
|
|
||||||
|
```
|
||||||
|
https://<your-server-ip>/admin
|
||||||
|
```
|
||||||
|
|
||||||
|
to begin using the Vaultwarden admin interface.
|
||||||
|
5. Visit:
|
||||||
|
|
||||||
|
```
|
||||||
|
https://<your-server-ip>/
|
||||||
|
```
|
||||||
|
|
||||||
|
to begin using Vaultwarden.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 🔐 Security Notes
|
||||||
|
|
||||||
|
- This appliance uses **self-signed SSL certificates** by default. If hosting on a domain, Let's Encrypt `certbot` is included. You can run `certbot --nginx` to obtain and install HTTPS certificates automatically. Make sure your domain points to this server before running the command.
|
||||||
|
- Accessing the web interface **requires HTTPS** — HTTP requests are automatically redirected.
|
||||||
|
- The **admin token is hashed using Argon2ID** and cannot be retrieved later. If lost, delete `/opt/vaultwarden/.setup-complete` to regenerate using `/activate`.
|
||||||
|
- Ensure you complete `/activate` immediately after setup to prevent unauthorized configuration.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 💾 Backup Recommendations
|
||||||
|
|
||||||
|
To safely back up your Vaultwarden appliance, include the following:
|
||||||
|
|
||||||
|
- `/opt/vaultwarden/` — Vaultwarden binary, `web-vault`, and persistent config.
|
||||||
|
- `/var/lib/vaultwarden/` — Environment file (`.env.user`) and state flag (`.setup-complete`).
|
||||||
|
- **Database backup:** Use `mysqldump` to regularly export the `vaultwarden` database, and then backup that file to your backup set. Example dump:
|
||||||
|
```bash
|
||||||
|
mysqldump vaultwarden > /root/vaultwarden-backup.sql
|
||||||
|
```
|
||||||
|
|
||||||
|
Backups should be performed routinely and securely stored.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user