From a060a8b8fafcdfcc49dd2da37cd364afd9d0702e Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 10 Jan 2026 13:03:10 +0100
Subject: Add instructions to run the web vault locally

Closes #15
---
 infrastructure/roles/vaultwarden/Caddyfile | 40 ++++++++++++++++++++++++++++++
 infrastructure/roles/vaultwarden/README.md |  8 ++++++
 2 files changed, 48 insertions(+)
 create mode 100644 infrastructure/roles/vaultwarden/Caddyfile

(limited to 'infrastructure')

diff --git a/infrastructure/roles/vaultwarden/Caddyfile b/infrastructure/roles/vaultwarden/Caddyfile
new file mode 100644
index 0000000..695c862
--- /dev/null
+++ b/infrastructure/roles/vaultwarden/Caddyfile
@@ -0,0 +1,40 @@
+{
+	auto_https disable_redirects
+	skip_install_trust
+}
+
+https://localhost:8443 {
+	root .
+
+	handle_path /api/* {
+		rewrite * /vaultwarden/api{path}
+		reverse_proxy https://ñix.es
+	}
+
+	handle_path /identity/* {
+		rewrite * /vaultwarden/identity{path}
+		reverse_proxy https://ñix.es
+	}
+
+	handle_path /icons/* {
+		rewrite * /vaultwarden/icons{path}
+		reverse_proxy https://ñix.es
+	}
+
+	handle_path /events/* {
+		rewrite * /vaultwarden/events{path}
+		reverse_proxy https://ñix.es
+	}
+
+	handle_path /notifications/* {
+		rewrite * /vaultwarden/notifications{path}
+		reverse_proxy https://ñix.es
+	}
+
+	handle_path /css/vaultwarden.css {
+		rewrite * /vaultwarden/css/vaultwarden.css
+		reverse_proxy https://ñix.es
+	}
+
+	file_server
+}
diff --git a/infrastructure/roles/vaultwarden/README.md b/infrastructure/roles/vaultwarden/README.md
index 05c7fc2..26e94dc 100644
--- a/infrastructure/roles/vaultwarden/README.md
+++ b/infrastructure/roles/vaultwarden/README.md
@@ -28,3 +28,11 @@ Therefore, we recommend changing the master password *before* entering any sensi
 
 To share secrets among members, organizations should be created from an account without personal data.
 
+### Running a local web vault
+
+Alternatively, you can run the web vault locally to ensure no one has tampered with the web vault.
+
+1. Download and extract the archive from [the Vaultwarden web vault builds](https://github.com/dani-garcia/bw_web_builds/releases/latest).
+1. Copy the [`Caddyfile`](Caddyfile) into the `web-vault` directory.
+1. Run `caddy run`.
+1. Access your vault at <https://localhost:8443>.
-- 
cgit v1.2.3