diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml
index ae3495c3..ababe2a1 100644
--- a/.github/workflows/dev-cd.yml
+++ b/.github/workflows/dev-cd.yml
@@ -62,4 +62,7 @@ jobs:
           script: |
             docker rm -f taskflow
             docker image rm ${{ secrets.DOCKER_REPO }} -f
-            docker run --name taskflow -d -p 9090:9090 ${{ secrets.DOCKER_REPO }} --restart on-failure
+            docker run --name taskflow -d -p 9090:9090 \
+              --env-file /home/ubuntu/.env \
+              ${{ secrets.DOCKER_REPO }} \
+              --restart on-failure
diff --git a/src/main/java/clap/server/common/properties/PasswordPolicyProperties.java b/src/main/java/clap/server/common/properties/PasswordPolicyProperties.java
deleted file mode 100644
index f25b5bf8..00000000
--- a/src/main/java/clap/server/common/properties/PasswordPolicyProperties.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package clap.server.common.properties;
-
-import lombok.Getter;
-import lombok.Setter;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
-
-@Getter
-@Setter
-@Component
-@ConfigurationProperties(prefix = "password.policy")
-public class PasswordPolicyProperties {
-    private String characters;
-    private int length;
-}
diff --git a/src/main/java/clap/server/common/utils/InitialPasswordGenerator.java b/src/main/java/clap/server/common/utils/InitialPasswordGenerator.java
index 97808e62..175e5984 100644
--- a/src/main/java/clap/server/common/utils/InitialPasswordGenerator.java
+++ b/src/main/java/clap/server/common/utils/InitialPasswordGenerator.java
@@ -1,16 +1,15 @@
 package clap.server.common.utils;
 
-import clap.server.common.properties.PasswordPolicyProperties;
-import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
 
 import java.security.SecureRandom;
 
-@RequiredArgsConstructor
 public class InitialPasswordGenerator {
 
-    private final PasswordPolicyProperties properties;
+    @Value("${password.policy.characters}")
+    private String characters;
+
+    private static final int PASSWORD_LENGTH = 8;
 
     private InitialPasswordGenerator() {
         throw new IllegalStateException("Utility class");
@@ -24,10 +23,8 @@ public String generateRandomPassword(int length) {
         SecureRandom secureRandom = new SecureRandom();
         StringBuilder password = new StringBuilder(length);
 
-        String characters = properties.getCharacters();
-
         for (int i = 0; i < length; i++) {
-            int randomIndex = secureRandom.nextInt(properties.getLength());
+            int randomIndex = secureRandom.nextInt(PASSWORD_LENGTH);
             password.append(characters.charAt(randomIndex));
         }
 
diff --git a/src/main/java/clap/server/config/security/CorsConfig.java b/src/main/java/clap/server/config/security/CorsConfig.java
new file mode 100644
index 00000000..fd1042ea
--- /dev/null
+++ b/src/main/java/clap/server/config/security/CorsConfig.java
@@ -0,0 +1,45 @@
+package clap.server.config.security;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
+
+import static clap.server.common.constants.AuthConstants.SESSION_ID;
+
+@Configuration
+public class CorsConfig {
+    @Value("${server.domain.local}")
+    private String localServerDomain;
+
+    @Value("${server.domain.service}")
+    private String serviceServerDomain;
+
+    @Value("${web.domain.local}")
+    private String localWebDomain;
+
+    @Value("${web.domain.service}")
+    private String serviceWebDomain;
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(
+                List.of(localServerDomain, localWebDomain, serviceServerDomain, serviceWebDomain));
+        configuration.setAllowedMethods(List.of("GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setExposedHeaders(List.of(HttpHeaders.AUTHORIZATION, SESSION_ID.getValue()));
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 26f09508..d5fbaff7 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -7,22 +7,27 @@ spring:
       - swagger.yml
       - redis.yml
       - auth.yml
+      - elasticsearch.yml
   application:
     name: taskflow
-  elasticsearch:
-    uris: ${ELASTIC_URI:127.0.0.1:9200}
-
   web.resources.add-mappings: false
 
 
 server:
   port: ${APPLICATION_PORT:8080}
   tomcat:
-    max-connections: 20000
+    max-connections: 10000
     threads:
       max: 600
       min-spare: 100
-
+  domain:
+    local: ${TASKFLOW_LOCAL_SERVER:127.0.0.1:8080}
+    service: ${TASKFLOW_SERVICE_SERVER:127.0.0.1:8080}
+
+web:
+  domain:
+    local: ${TASKFLOW_LOCAL_WEB:127.0.0.1:3O00}
+    service: ${TASKFLOW_SERVICE_WEB:127.0.0.1:3000}
 #logging:
 #  level:
 #    root: INFO
diff --git a/src/main/resources/elasticsearch.yml b/src/main/resources/elasticsearch.yml
new file mode 100644
index 00000000..d77bdeca
--- /dev/null
+++ b/src/main/resources/elasticsearch.yml
@@ -0,0 +1,3 @@
+spring:
+  elasticsearch:
+    uris: ${ELASTIC_URI:127.0.0.1:9200}
\ No newline at end of file
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index ba283b05..683f2af6 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -17,6 +17,15 @@ spring:
   testcontainers:
     beans:
       startup: parallel
+server:
+  domain:
+    local: 127.0.0.1:8080
+    service: 127.0.0.1:8080
+
+web:
+  domain:
+    local: 127.0.0.1:3O00
+    service: 127.0.0.1:3000
 
 swagger:
   server:
@@ -35,5 +44,6 @@ jwt:
 password:
   policy:
     length: 12
-    characters: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+"
+    characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+
+