secrutiry update
Some checks failed
continuous-integration/drone/push Build is failing

2025-11-04 13:44:00 +09:00
parent 2b3cb736d5
commit 735c1984f9
9 changed files with 705 additions and 3 deletions

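--- a/database/pg_hba.conf
+++ b/database/pg_hba.conf
@@ -0,0 +1,24 @@
+# PostgreSQL Client Authentication Configuration
+# Security-hardened for CatLink Production
+# TYPE DATABASE USER ADDRESS METHOD
+# "local" is for Unix domain socket connections only
+local all postgres peer
+local links_db links_user scram-sha-256
+# IPv4 local connections:
+host links_db links_user 127.0.0.1/32 scram-sha-256
+# IPv6 local connections:
+host links_db links_user ::1/128 scram-sha-256
+# Docker network connections (текущая сеть links_default: 172.19.0.0/16)
+host links_db links_user 172.19.0.0/16 scram-sha-256
+# Новая защищенная сеть catlink-network: 172.20.0.0/16
+host links_db links_user 172.20.0.0/16 scram-sha-256
+# Deny all other connections
+host all all 0.0.0.0/0 reject
+host all all ::/0 reject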
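Review bot: The `host` rules for the two Docker subnets match both TLS and plaintext TCP connections, so nothing in this file requires the TLS that postgresql.conf switches on; SCRAM protects the password exchange but not the queries and results that follow it. I would change the network entries to `hostssl links_db links_user 172.19.0.0/16 scram-sha-256` and `hostssl links_db links_user 172.20.0.0/16 scram-sha-256`. The /16 ranges also admit every container attached to those bridges, and since the comment calls 172.19.0.0/16 the current network, that rule could presumably be dropped once the move to catlink-network is complete. The two Russian comments would be easier to review in English, e.g. `# Docker network connections (current links_default network: 172.19.0.0/16)`.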

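--- a/database/postgresql.conf
+++ b/database/postgresql.conf
@@ -0,0 +1,53 @@
+# PostgreSQL Configuration for CatLink Production
+# Security-hardened configuration
+# Connection Settings
+listen_addresses = '*'
+port = 5432
+max_connections = 100
+shared_buffers = 256MB
+# Security Settings
+ssl = on
+ssl_min_protocol_version = 'TLSv1.3'
+ssl_prefer_server_ciphers = on
+password_encryption = scram-sha-256
+# Logging for Security Monitoring
+logging_collector = on
+log_destination = 'stderr'
+log_directory = 'pg_log'
+log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
+log_rotation_age = 1d
+log_rotation_size = 100MB
+# Connection Logging
+log_connections = on
+log_disconnections = on
+log_duration = on
+log_statement = 'mod'
+log_line_prefix = '%m [%p] %u@%d %h %c '
+# Security Logging
+log_checkpoints = on
+log_lock_waits = on
+log_temp_files = 0
+# Performance Settings
+effective_cache_size = 1GB
+maintenance_work_mem = 64MB
+checkpoint_completion_target = 0.7
+wal_buffers = 16MB
+default_statistics_target = 100
+# WAL Settings
+wal_level = replica
+archive_mode = off
+max_wal_senders = 0
+# Locale Settings
+lc_messages = 'en_US.utf8'
+lc_monetary = 'en_US.utf8'
+lc_numeric = 'en_US.utf8'
+lc_time = 'en_US.utf8'
+default_text_search_config = 'pg_catalog.english'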
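Review bot: `log_statement = 'mod'` writes the full text of every DDL and data-modifying statement to the log, which includes `CREATE ROLE`/`ALTER ROLE ... PASSWORD '...'` with the password as typed and any literal values in INSERT/UPDATE statements. Because those logs land in `pg_log` under the data directory, I would add a comment above the setting such as `# NOTE: logs statement text, including passwords given to ALTER ROLE; set passwords with psql \password and restrict access to pg_log`, and consider `log_statement = 'ddl'` if row data is sensitive. Separately, `ssl = on` is set without `ssl_cert_file`/`ssl_key_file`, so the server will look for the default `server.crt` and `server.key` in the data directory; the lines shown here do not say where those files come from. With `listen_addresses = '*'` the server binds every interface, so network exposure rests entirely on pg_hba.conf and on how the port is published, which is worth stating in a comment next to that line.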