Security hardening: Move creds to .env, enable stream logs, rate limits

2026-01-03 19:38:17 +09:00
parent dc5db0d15a
commit 82701155bb
4 changed files with 18 additions and 13 deletions
--- a/nginx-ssl.conf
+++ b/nginx-ssl.conf
@@ -10,6 +10,11 @@ events {
 }

 stream {
+    log_format basic '$remote_addr [$time_local] '
+                     '$protocol $status $bytes_sent $bytes_received '
+                     '$session_time';
+    access_log /var/log/nginx/stream.log basic;
+
    upstream mac_screen_sharing {
        server 192.168.1.122:5900;
    }
@@ -263,7 +268,7 @@ http {
        ssl_session_timeout 10m;

        # 보안 제한 (WebDAV용 - 파일 업로드 고려)
-        # limit_req zone=webdav burst=200 nodelay;
+        limit_req zone=webdav burst=200 nodelay;
        limit_conn perip 50;
        limit_conn perserver 200;