From 8bbe8e0e283484423487cfb9fbeb29fd9028bace Mon Sep 17 00:00:00 2001
From: Arpad Krejczinger
Date: Fri, 12 Sep 2025 20:38:33 +0200
Subject: [PATCH] Add Docker daemon and service hardening configurations

- config/docker/daemon.json: Docker security hardening with logging limits and security options
- config/systemd/nginx.service.d/rate-limit.conf: Nginx resource limits and connection throttling
- Includes deployment instructions for container and service security
---
config/docker/daemon.json | 32 +++++++++++++++++++
.../systemd/nginx.service.d/rate-limit.conf | 13 ++++++++
2 files changed, 45 insertions(+)
create mode 100644 config/docker/daemon.json
create mode 100644 config/systemd/nginx.service.d/rate-limit.conf

diff --git a/config/docker/daemon.json b/config/docker/daemon.json
new file mode 100644
index 0000000..46a7887
--- /dev/null
+++ b/config/docker/daemon.json
@@ -0,0 +1,32 @@
+# Docker Daemon Security Configuration
+# Deploy to: /etc/docker/daemon.json
+#
+# Setup commands:
+# sudo cp config/docker/daemon.json /etc/docker/
+# sudo systemctl restart docker
+
+{
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "50m",
+ "max-file": "3"
+ },
+ "live-restore": true,
+ "userland-proxy": false,
+ "no-new-privileges": true,
+ "seccomp-profile": "/etc/docker/seccomp-default.json",
+ "default-ulimits": {
+ "nproc": {
+ "hard": 65536,
+ "soft": 65536
+ },
+ "nofile": {
+ "hard": 65536,
+ "soft": 65536
+ }
+ },
+ "storage-driver": "overlay2",
+ "storage-opts": [
+ "overlay2.override_kernel_check=true"
+ ]
+}
\ No newline at end of file
diff --git a/config/systemd/nginx.service.d/rate-limit.conf b/config/systemd/nginx.service.d/rate-limit.conf
new file mode 100644
index 0000000..52a0a91
--- /dev/null
+++ b/config/systemd/nginx.service.d/rate-limit.conf
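Review bot: The leading `#` lines make daemon.json invalid JSON, and the setup commands copy the file verbatim to /etc/docker/daemon.json, so dockerd will refuse to start after `sudo systemctl restart docker` — the daemon reads this file with a strict JSON parser that has no comment syntax. Move the deploy instructions into a README beside the file (or keep them in the commit message) and check the result with `python3 -m json.tool config/docker/daemon.json` before committing. The `seccomp-profile` key points at `/etc/docker/seccomp-default.json`, which this commit neither adds nor tells the operator to create; a missing profile file is a second daemon start failure, and omitting the key keeps Docker's built-in default seccomp profile, so drop it unless the custom profile is committed alongside. `overlay2.override_kernel_check=true` is a legacy storage option that current engines deprecate and, as far as I recall, recent releases no longer accept — verify against the target Docker version. `no-new-privileges` applies daemon-wide to every container, which is a sound hardening default but breaks images that rely on setuid binaries, so it deserves a line in the deploy notes.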
@@ -0,0 +1,13 @@
+# Nginx Service Rate Limiting Configuration
+# Deploy to: /etc/systemd/system/nginx.service.d/rate-limit.conf
+#
+# Setup commands:
+# sudo mkdir -p /etc/systemd/system/nginx.service.d
+# sudo cp config/systemd/nginx.service.d/rate-limit.conf /etc/systemd/system/nginx.service.d/
+# sudo systemctl daemon-reload
+# sudo systemctl restart nginx
+
+[Service]
+# Limit nginx connections
+LimitNOFILE=65536
+LimitNPROC=4096
\ No newline at end of file
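Review bot: `LimitNOFILE` and `LimitNPROC` are systemd resource limits on open file descriptors and process count, not connection or request rate limiting, so the file name, the `# Limit nginx connections` comment and the commit message's "connection throttling" overstate what this drop-in does. Reword the comment to `# Resource limits (fd and process count); request/connection rate limiting belongs in nginx.conf via limit_req / limit_conn` and consider naming the file `limits.conf`. `LimitNPROC` is enforced per UID, so it caps the unprivileged worker user rather than the root master process, and `LimitNOFILE=65536` should be kept in step with `worker_rlimit_nofile` and `worker_connections` in nginx.conf so the two settings do not drift apart. Since the drop-in exists anyway, it is also the natural place for systemd sandboxing directives such as `NoNewPrivileges=true` and `ProtectSystem=full`, which this commit does not add. Both files in this patch also lack a trailing newline (`\ No newline at end of file`).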