Matt Han

Minimalist Vaultwarden + Auto-TLS stack (43s deployment, 11.95 MiB footprint)

I've seen too many bloated tutorials using Nginx Proxy Manager or Traefik just to expose a simple Vaultwarden instance, resulting in unnecessary memory overhead and TLS configuration headaches for newcomers.

I wanted to see how minimal and fast we could push a production-ready deployment from zero to a fully secured https:// endpoint.

I wrote a zero-dependency bash pipeline that:

  1. Bootstraps Docker & Compose natively based on the OS.
  2. Injects a hardened Caddyfile for automatic Let's Encrypt TLS (with HSTS & security headers).
  3. Auto-generates a cryptographically secure 48-char ADMIN_TOKEN via OpenSSL.
  4. Profiles the exact CPU/RAM usage and deployment duration.
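A sketch of steps 2 and 3 as POSIX shell, added here as an illustration; it is not the author's install.sh. The domain `vault.example.com`, the upstream `vaultwarden:80`, the hex token encoding, the specific header values and the output file names are all assumptions.

```shell
#!/bin/sh
# Added example, not the author's install.sh. Assumed: vault.example.com,
# upstream vaultwarden:80, output files ./Caddyfile and ./.env.
set -eu

# 24 bytes from OpenSSL's CSPRNG, hex-encoded: exactly 48 chars, safe in env files.
gen_admin_token() {
  openssl rand -hex 24
}

# Accept only 48 lowercase hex chars, so an empty or truncated token is rejected.
valid_token() {
  [ "${#1}" -eq 48 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# Caddy provisions and renews the certificate for the site address on its own;
# the header block adds HSTS and baseline browser hardening headers.
render_caddyfile() {
  cat <<EOF
$1 {
    encode gzip
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }
    reverse_proxy $2
}
EOF
}

# Create the secret file as mode 600 from the start (umask) instead of chmod later.
write_env() {
  valid_token "$2" || { echo "refusing to write malformed ADMIN_TOKEN" >&2; return 1; }
  rm -f -- "$1"   # umask only applies to newly created files
  ( umask 077; printf 'ADMIN_TOKEN=%s\n' "$2" > "$1" )
}

# Usage: sh example.sh --write
if [ "${1:-}" = "--write" ]; then
  render_caddyfile "vault.example.com" "vaultwarden:80" > Caddyfile
  write_env .env "$(gen_admin_token)"
  echo "wrote Caddyfile and .env (mode 600)"
fi
```

Vaultwarden also accepts an Argon2 PHC string in ADMIN_TOKEN (produced by `vaultwarden hash`), which keeps the plaintext token out of the env file.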

The Benchmark Results:

  • Total Time (Zero to HTTPS): ~43s
  • Vaultwarden RAM Usage: 11.95 MiB
  • Caddy RAM Usage: ~20 MiB
  • Host: (1GB RAM, 1 vCPU)

The Pipeline Source:
If you want to audit the code or reproduce the benchmark, I threw the install.sh, docker-compose.yml, and Caddyfile into this Gist: Caddyfile

What are you guys using for reverse proxying lightweight apps? Are there any footprints smaller than Caddy for automated TLS?