inital setup

README.md

@@ -1,2 +1,68 @@
-# compose-vaultwarden
+# Basic Vaultwarden docker-compose config
+* can be run on single node setup or in swarm  
 
+## howto
+### single node
+#### start container
+```bash
+docker compose up -d
+```
+
+#### stop container (and remove)
+```bash
+docker compose down
+```
+
+#### view logs
+```bash
+docker compose logs -f
+```
+
+#### reload config
+```bash
+docker compose restart
+```
+
+### swarm
+#### start aka deploy
+```bash
+docker stack deploy -c docker-compose.yml caddy
+```
+
+#### stop container aka service
+```bash
+docker service rm caddy_caddy
+```
+
+#### view logs
+```bash
+docker service logs caddy_caddy -f
+```
+
+#### reload config (no downtime if replica 2 or more)
+```bash
+docker service update caddy_caddy --force
+```
+
+## example caddy config
+```
+vault.example.com {
+    header {
+        Strict-Transport-Security max-age=31536000;
+        X-XSS-Protection "1; mode=block"
+        X-Frame-Options DENY
+        X-Robots-Tag none
+        -Server
+    }
+    reverse_proxy vaultwarden:80 {
+        header_up X-Real-IP {remote_host}
+    }
+
+    # disable /admin page via domain (diable for inital config)
+    handle /admin {
+        respond 403
+    }
+
+    reverse_proxy 10.1.16.1:80
+}
+```