diff --git a/kms.php b/kms.php
index c74befa..56c760a 100755
--- a/kms.php
+++ b/kms.php
@@ -34,6 +34,11 @@ function load_nginx_config(int $kms_port, int $http_port): void {
     listen $http_port;
     listen [::]:$http_port ipv6only=on;
 
+    set_real_ip_from ::/0;
+    set_real_ip_from 0.0.0.0/0;
+    real_ip_header X-Real-IP;
+    real_ip_recursive on;
+
     location /assets {
         root /kms-server;
     }
@@ -75,17 +80,21 @@ function get_param(string $field, string $default): string {
 
 function load_params(): void {
     global $argv;
-    if (in_array('--debug', $argv)) { // enter debug mode
-        logging::$logLevel = logging::DEBUG;
+    if (strtolower(getenv('DEBUG')) === 'true' || in_array('--debug', $argv)) {
+        logging::$logLevel = logging::DEBUG; // enter debug mode
     }
 
     global $ENABLE_HTTP;
-    if (in_array('--disable-http', $argv)) { // disable http service
+    if (strtolower(getenv('DISABLE_HTTP')) === 'true' || in_array('--disable-http', $argv)) {
         logging::warning('Disable http service');
-        $ENABLE_HTTP = false;
+        $ENABLE_HTTP = false; // disable http service
     }
 
     global $KMS_PORT;
+    if (getenv('KMS_PORT')) {
+        $KMS_PORT = intval(getenv('KMS_PORT'));
+        logging::debug('Get KMS_PORT from env -> ' . $KMS_PORT);
+    }
     $KMS_PORT = intval(get_param('--kms-port', strval($KMS_PORT)));
     if ($KMS_PORT < 1 || $KMS_PORT > 65535) { // 1 ~ 65535
         logging::critical('Illegal KMS Port -> ' . $KMS_PORT);
@@ -98,6 +107,10 @@ function load_params(): void {
     }
 
     global $HTTP_PORT;
+    if (getenv('HTTP_PORT')) {
+        $HTTP_PORT = intval(getenv('HTTP_PORT'));
+        logging::debug('Get HTTP_PORT from env -> ' . $HTTP_PORT);
+    }
     $HTTP_PORT = intval(get_param('--http-port', strval($HTTP_PORT)));
     if ($HTTP_PORT < 1 || $HTTP_PORT > 65535) { // 1 ~ 65535
         logging::critical('Illegal HTTP Port -> ' . $HTTP_PORT);
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index b0cf953..9270db3 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -10,6 +10,9 @@ events {
 }
 
 http {
+    log_format access '[$time_iso8601] $remote_addr -> $scheme://$host - "$request"'
+                      ' -> ($status) ↑$request_length ↓$bytes_sent {$http_user_agent}';
+    access_log /var/log/nginx/access.log access;
     include /etc/nginx/mime.types;
     include /etc/nginx/kms.conf;
 }