Add Docker daemon and service hardening configurations

- config/docker/daemon.json: Docker security hardening with logging limits and security options - config/systemd/nginx.service.d/rate-limit.conf: Nginx resource limits and connection throttling - Includes deployment instructions for container and service security
2025-09-12 20:38:33 +02:00
parent 5e714f4e45
commit 8bbe8e0e28
2 changed files with 45 additions and 0 deletions
--- a/config/docker/daemon.json
+++ b/config/docker/daemon.json
@@ -0,0 +1,32 @@
+# Docker Daemon Security Configuration
+# Deploy to: /etc/docker/daemon.json
+# 
+# Setup commands:
+#   sudo cp config/docker/daemon.json /etc/docker/
+#   sudo systemctl restart docker
+
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "50m",
+    "max-file": "3"
+  },
+  "live-restore": true,
+  "userland-proxy": false,
+  "no-new-privileges": true,
+  "seccomp-profile": "/etc/docker/seccomp-default.json",
+  "default-ulimits": {
+    "nproc": {
+      "hard": 65536,
+      "soft": 65536
+    },
+    "nofile": {
+      "hard": 65536,
+      "soft": 65536
+    }
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
--- a/config/systemd/nginx.service.d/rate-limit.conf
+++ b/config/systemd/nginx.service.d/rate-limit.conf
@@ -0,0 +1,13 @@
+# Nginx Service Rate Limiting Configuration  
+# Deploy to: /etc/systemd/system/nginx.service.d/rate-limit.conf
+# 
+# Setup commands:
+#   sudo mkdir -p /etc/systemd/system/nginx.service.d
+#   sudo cp config/systemd/nginx.service.d/rate-limit.conf /etc/systemd/system/nginx.service.d/
+#   sudo systemctl daemon-reload
+#   sudo systemctl restart nginx
+
+[Service]
+# Limit nginx connections
+LimitNOFILE=65536
+LimitNPROC=4096