diff --git a/.clabot b/.clabot
index 0342a7afa8a..fe93348e0de 100644
--- a/.clabot
+++ b/.clabot
@@ -84,6 +84,7 @@
"marlowp",
"sijandh35",
"mcihad",
- "nrjadkry"
+ "nrjadkry",
+ "brynsofz"
]
-}
\ No newline at end of file
+}
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index b19042ecce1..b5e4c19e00d 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -118,13 +118,19 @@ services:
db:
# use geonode official postgis 15 image
image: geonode/postgis:15-3.5-latest
- command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+ command:
+ - postgres
+ - -c
+ - config_file=/etc/postgresql/postgresql.conf
container_name: db4${COMPOSE_PROJECT_NAME}
env_file:
- .env
volumes:
- dbdata:/var/lib/postgresql/data
- dbbackups:/pg_backups
+ - ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
+ - ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
+ - ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
restart: unless-stopped
healthcheck:
test: "pg_isready -d postgres -U postgres"
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index ed933655dfe..98c6875b1da 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -119,13 +119,19 @@ services:
db:
# use geonode official postgis 15 image
image: geonode/postgis:15-3.5-latest
- command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+ command:
+ - postgres
+ - -c
+ - config_file=/etc/postgresql/postgresql.conf
container_name: db4${COMPOSE_PROJECT_NAME}
env_file:
- .env_test
volumes:
- dbdata:/var/lib/postgresql/data
- dbbackups:/pg_backups
+ - ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
+ - ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
+ - ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
restart: unless-stopped
healthcheck:
test: "pg_isready -d postgres -U postgres"
diff --git a/docker-compose.yml b/docker-compose.yml
index e9d3c2c122c..a725a294f84 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -131,13 +131,19 @@ services:
db:
# use geonode official postgis 15 image
image: geonode/postgis:15-3.5-latest
- command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
+ command:
+ - postgres
+ - -c
+ - config_file=/etc/postgresql/postgresql.conf
container_name: db4${COMPOSE_PROJECT_NAME}
env_file:
- .env
volumes:
- dbdata:/var/lib/postgresql/data
- dbbackups:/pg_backups
+ - ./docker/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro
+ - ./docker/postgresql/conf.d:/etc/postgresql/conf.d:ro
+ - ./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
restart: unless-stopped
healthcheck:
test: "pg_isready -d postgres -U postgres"
diff --git a/docker/postgresql/conf.d/01-default.conf b/docker/postgresql/conf.d/01-default.conf
new file mode 100644
index 00000000000..232fc972db3
--- /dev/null
+++ b/docker/postgresql/conf.d/01-default.conf
@@ -0,0 +1 @@
+max_connections = 200
diff --git a/docker/postgresql/pg_hba.conf b/docker/postgresql/pg_hba.conf
new file mode 100644
index 00000000000..5d9ad1a8280
--- /dev/null
+++ b/docker/postgresql/pg_hba.conf
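Review bot: The `pg_hba.conf` bind-mounted read-only on the `./docker/postgresql/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro` line hard-codes `172.19.0.0/16` as the client subnet, but nothing in this hunk ties the project network to that range; Compose normally takes the next free pool from Docker's default address pools (172.17–172.31.x.x), so on many hosts the `geonode`/`geonode_data` SCRAM rules never match and every application connection falls through to that file's closing `host all all all reject`. That fails closed, which is the right direction, but it will present as a broken stack rather than a policy decision. Pin the subnet under this file's `networks` stanza (outside the hunk) so the two files agree, as sketched below — if the file already declares a named network, put the `ipam` block on that network instead of `default`. Separately, with the `-c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"` line removed that variable is still supplied via `.env` but read by nothing, so either drop it where it is defined or state in `docker/postgresql/conf.d/01-default.conf` that `max_connections = 200` replaced the env override.
```yaml
networks:
  default:
    # CIDR must match the scram-sha-256 rules in docker/postgresql/pg_hba.conf
    ipam:
      config:
        - subnet: 172.19.0.0/16
```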
@@ -0,0 +1,39 @@
+# Local Unix socket connections - trust for local admin access
+local all postgres trust
+
+# Localhost connections - trust for container internal access
+host all postgres 127.0.0.1/32 trust
+host all postgres ::1/128 trust
+
+# Allow replication connections from localhost
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+
+# =============================================================================
+# Application-specific rules (evaluated in order)
+# =============================================================================
+
+# GeoNode database - require SCRAM-SHA-256 authentication
+# This matches connections from Django/Celery containers
+host geonode geonode 172.19.0.0/16 scram-sha-256
+
+# GeoNode geodatabase - require SCRAM-SHA-256 authentication
+# This matches connections from GeoServer
+host geonode_data geonode_data 172.19.0.0/16 scram-sha-256
+
+# Template databases - no external access allowed
+host template0 all all reject
+host template1 all all reject
+
+# Postgres database - admin only, require password
+host postgres postgres 172.19.0.0/16 scram-sha-256
+
+# =============================================================================
+# Default catch-all rule - deny all other connections
+# =============================================================================
+# Explicitly deny all other connections:
+host all all all reject
+
+# Or allow with password (current default):
+# host all all all scram-sha-256
diff --git a/docker/postgresql/postgresql.conf b/docker/postgresql/postgresql.conf
new file mode 100644
index 00000000000..0483bc4df50
--- /dev/null
+++ b/docker/postgresql/postgresql.conf
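Review bot: The three replication rules `local replication all trust`, `host replication all 127.0.0.1/32 trust` and `host replication all ::1/128 trust` give any role holding the REPLICATION attribute a password-less replication connection, which is wider than the "local admin access" the header comment describes and nothing in this commit's compose files runs a replica; `local replication postgres trust` (or dropping the three lines until a standby exists) keeps the stated intent with less surface. The `172.19.0.0/16` repeated in the three `scram-sha-256` rules is not derived from the compose network, and a different project subnet sends every application connection to the closing `host all all all reject`, so the rule block deserves `# NOTE: must match the compose project network subnet (pin it via ipam in docker-compose*.yml)`. Note also that `host` matches both TLS and plaintext connections and the accompanying postgresql.conf does not enable `ssl`, so SCRAM protects the password exchange but queries and results cross the Docker network in clear — fine on a single-host bridge, worth one line in the header for whoever later spans hosts. The loopback `trust` rules for `postgres` are equivalent to the socket rule from inside the container's network namespace; they only widen access if another service joins that namespace via `network_mode: "service:db"`, which may be worth saying next to them.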
@@ -0,0 +1,13 @@
+# Data Directory (managed by Docker)
+data_directory = '/var/lib/postgresql/data'
+
+# Connection Settings
+listen_addresses = '*' # Listen on all network interfaces
+
+# Authentication Configuration File
+hba_file = '/etc/postgresql/pg_hba.conf'
+
+# Include additional configuration files from conf.d directory
+# All .conf files in this directory will be processed
+include_dir = 'conf.d'
+
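Review bot: `password_encryption` is left at the server default while the mounted `pg_hba.conf` authenticates the application roles with `scram-sha-256`; a role whose stored verifier is still MD5 (a `dbdata` volume initialised by an older image, or a password set under `password_encryption = md5`) cannot authenticate against a SCRAM rule at all and will be rejected after this change until its password is re-set. Make the intent explicit with `password_encryption = 'scram-sha-256'` next to `hba_file`, and add to the upgrade notes that `SELECT rolname FROM pg_authid WHERE rolpassword LIKE 'md5%'` lists the roles needing `ALTER ROLE … PASSWORD` before the switch. `include_dir = 'conf.d'` is resolved relative to the directory holding this file, i.e. `/etc/postgresql/conf.d`, which matches the compose mount — a short comment saying so saves the next reader a trip to the docs. With `config_file` pointing outside the data directory, the `pg_hba.conf` that the image's init writes into `PGDATA` is presumably no longer consulted; a comment on `hba_file` to that effect stops someone editing the dead copy.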