DEV Community: Matt Han The latest articles on DEV Community by Matt Han (@matt_han_7032dc6ae). https://dev.to/matt_han_7032dc6ae https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3835769%2F182f06a6-eba6-430e-8393-dd75ad70a8f6.png DEV Community: Matt Han https://dev.to/matt_han_7032dc6ae en Minimalist Vaultwarden + Auto-TLS stack (43s deployment, 11.95 MiB footprint) Matt Han Fri, 20 Mar 2026 16:12:05 +0000 https://dev.to/matt_han_7032dc6ae/minimalist-vaultwarden-auto-tls-stack-43s-deployment-1195-mib-footprint-2c00 https://dev.to/matt_han_7032dc6ae/minimalist-vaultwarden-auto-tls-stack-43s-deployment-1195-mib-footprint-2c00 <p>I've seen too many bloated tutorials using Nginx Proxy Manager or Traefik just to expose a simple Vaultwarden instance, resulting in unnecessary memory overhead and TLS configuration headaches for newcomers.</p> <p>I wanted to see how minimal and fast we could push a production-ready deployment from zero to a fully secured <code>https://</code> endpoint. </p> <p>I wrote a zero-dependency bash pipeline that:</p> <ol> <li>Bootstraps Docker &amp; Compose natively based on the OS.</li> <li>Injects a hardened <code>Caddyfile</code> for automatic Let's Encrypt TLS (with HSTS &amp; security headers).</li> <li>Auto-generates a cryptographically secure 48-char <code>ADMIN_TOKEN</code> via OpenSSL.</li> <li>Profiles the exact CPU/RAM usage and deployment duration.</li> </ol> <p><strong>The Benchmark Results:</strong></p> <ul> <li> <strong>Total Time (Zero to HTTPS):</strong> ~43s</li> <li> <strong>Vaultwarden RAM Usage:</strong> 11.95 MiB</li> <li> <strong>Caddy RAM Usage:</strong> ~20 MiB</li> <li> <strong>Host:</strong> (1GB RAM, 1 vCPU)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40ng6i8tf7g6v2m3byhl.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40ng6i8tf7g6v2m3byhl.jpg" alt=" " width="800" height="428"></a></p> <p><strong>The Pipeline Source:</strong><br> If you want to audit the code or reproduce the benchmark, I threw the <code>install.sh</code>, <code>docker-compose.yml</code>, and <code>Caddyfile</code> into this Gist: <a href="https://gist.github.com/SeanhChou/4e5777bc23fd7ab6d59e0e5268cec3e1" rel="noopener noreferrer">Caddyfile</a></p> <p>What are you guys using for reverse proxying lightweight apps? Are there any footprints smaller than Caddy for automated TLS?</p> docker tutorial developer