Revisions
- Replace installation section with a Getting Started, which helps clarify the activation process. - Clarify security notes with a new section, also including info about Let's Encrypt. - Add info about backup recommendations.
This commit is contained in:
60
README.md
60
README.md
@ -25,18 +25,60 @@ It does **not** validate your environment or attempt to preserve existing config
|
||||
|
||||
---
|
||||
|
||||
## 🚀 Installation
|
||||
|
||||
On a fresh Debian 12 system, clone the password-manager repository and then run:
|
||||
## 🚀 Getting Started
|
||||
|
||||
```bash
|
||||
./installer.sh
|
||||
```
|
||||
1. Deploy this appliance on a fresh **Debian 12** machine (VM or bare-metal).
|
||||
2. Run:
|
||||
```bash
|
||||
./installer.sh
|
||||
```
|
||||
3. Once complete, open a browser and visit:
|
||||
|
||||
After installation:
|
||||
- Access the appliance at `http://<your-appliance-ip>/`
|
||||
- Go to `/activate` to complete first-time configuration
|
||||
- After submitting the form, Vaultwarden will use your custom settings
|
||||
```
|
||||
https://<your-server-ip>/activate
|
||||
```
|
||||
|
||||
DO NOT omit this step. Doing so would be an extreme security risk.
|
||||
4. Copy the admin token provided and store it somewhere safe.
|
||||
5. Visit:
|
||||
|
||||
```
|
||||
https://<your-server-ip>/admin
|
||||
```
|
||||
|
||||
to begin using the Vaultwarden admin interface.
|
||||
5. Visit:
|
||||
|
||||
```
|
||||
https://<your-server-ip>/
|
||||
```
|
||||
|
||||
to begin using Vaultwarden.
|
||||
|
||||
---
|
||||
|
||||
## 🔐 Security Notes
|
||||
|
||||
- This appliance uses **self-signed SSL certificates** by default. If hosting on a domain, Let's Encrypt `certbot` is included. You can run `certbot --nginx` to obtain and install HTTPS certificates automatically. Make sure your domain points to this server before running the command.
|
||||
- Accessing the web interface **requires HTTPS** — HTTP requests are automatically redirected.
|
||||
- The **admin token is hashed using Argon2ID** and cannot be retrieved later. If lost, delete `/opt/vaultwarden/.setup-complete` to regenerate using `/activate`.
|
||||
- Ensure you complete `/activate` immediately after setup to prevent unauthorized configuration.
|
||||
|
||||
---
|
||||
|
||||
## 💾 Backup Recommendations
|
||||
|
||||
To safely back up your Vaultwarden appliance, include the following:
|
||||
|
||||
- `/opt/vaultwarden/` — Vaultwarden binary, `web-vault`, and persistent config.
|
||||
- `/var/lib/vaultwarden/` — Environment file (`.env.user`) and state flag (`.setup-complete`).
|
||||
- **Database backup:** Use `mysqldump` to regularly export the `vaultwarden` database, and then backup that file to your backup set. Example dump:
|
||||
```bash
|
||||
mysqldump vaultwarden > /root/vaultwarden-backup.sql
|
||||
```
|
||||
|
||||
Backups should be performed routinely and securely stored.
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user