🚀 Add: Configuración de producción con seguridad y performance optimizadas

Santiago13dev · Santiago13dev · commit 11ad9e79aab6 · 2025-09-18T18:01:46.000-05:00
## Características del perfil production:

### 🔒 **Seguridad reforzada**
- CORS restrictivo con origins específicos
- Cookies seguras y HTTP-only
- Rate limiting estricto
- Actuator endpoints limitados
- Error messages ocultos

### ⚡ **Performance optimizada**
- Connection pools ajustados
- Cache habilitado con mayor duración
- Límites conservadores en requests
- JVM optimizations
- Graceful shutdown

### 📊 **Monitoring preparado**
- Métricas de JVM, proceso y sistema
- Prometheus export habilitado
- Info endpoints con metadatos
- Logging estructurado

### 🛡️ **Configuración segura**
- Variables de entorno para secrets
- Sin información sensible en logs
- Validación estricta de datos
- Headers de seguridad habilitados
diff --git a/backend/src/main/resources/application-prod.properties b/backend/src/main/resources/application-prod.properties
@@ -0,0 +1,89 @@
+# ===============================================
+# SismoView Backend - Production Profile
+# ===============================================
+
+# ========================
+# PRODUCTION SERVER SETTINGS
+# ========================
+server.port=8080
+server.shutdown=graceful
+spring.lifecycle.timeout-per-shutdown-phase=20s
+
+# Security headers
+server.servlet.session.cookie.http-only=true
+server.servlet.session.cookie.secure=true
+
+# ========================
+# PRODUCTION LOGGING
+# ========================
+logging.level.com.sismoview=INFO
+logging.level.org.springframework=WARN
+logging.level.org.hibernate=WARN
+logging.level.org.apache=WARN
+
+# Structured logging for production
+logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n
+
+# ========================
+# SECURITY & CORS
+# ========================
+sismoview.cors.allowed-origins=${ALLOWED_ORIGINS:https://sismoview.vercel.app,https://sismoview.com}
+sismoview.cors.allowed-methods=GET,POST,OPTIONS
+sismoview.cors.allowed-headers=Content-Type,Authorization,X-Requested-With
+sismoview.cors.allow-credentials=false
+
+# ========================
+# RATE LIMITING - STRICT
+# ========================
+sismoview.rate-limit.enabled=true
+sismoview.rate-limit.requests-per-minute=30
+sismoview.rate-limit.burst-capacity=5
+
+# ========================
+# PERFORMANCE OPTIMIZATIONS
+# ========================
+sismoview.seismic.cache-results=true
+sismoview.seismic.cache-duration-minutes=60
+sismoview.seismic.max-cities-per-request=25
+
+# Connection pool optimizations
+server.tomcat.max-connections=2000
+server.tomcat.threads.max=100
+server.tomcat.threads.min-spare=25
+
+# ========================
+# ACTUATOR - RESTRICTED
+# ========================
+management.endpoints.web.exposure.include=health,info,metrics
+management.endpoint.health.show-details=never
+management.endpoint.health.show-components=never
+management.security.enabled=true
+
+# ========================
+# JVM OPTIMIZATIONS
+# ========================
+spring.jpa.hibernate.ddl-auto=validate
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.format_sql=false
+
+# ========================
+# ERROR HANDLING - SECURE
+# ========================
+server.error.include-stacktrace=never
+server.error.include-exception=false
+server.error.include-binding-errors=never
+server.error.include-message=never
+
+# ========================
+# MONITORING & OBSERVABILITY
+# ========================
+management.metrics.enable.jvm=true
+management.metrics.enable.process=true
+management.metrics.enable.system=true
+management.metrics.export.prometheus.enabled=true
+
+# Application info for monitoring
+info.app.name=@project.name@
+info.app.version=@project.version@
+info.app.encoding=@project.build.sourceEncoding@
+info.java.version=@java.version@
