Configuration

# HTTP to HTTPS
if ($scheme = http) {
    return 301 https://$host$request_uri;
}

# Proxy
location / {
    include /etc/nginx/proxy_params;
    proxy_pass http://127.0.0.1:5000/;
}

# Custom robots.txt
location = /robots.txt {
    add_header Content-Type text/plain;
    return 200 "User-agent: *\nDisallow: /\n";
}

# Activate HTTP2 (1.9.5+)
listen 443 ssl http2;

Rate limiting

# Use $http_cf_connecting_ip instead of $binary_remote_addr when behind Cloudflare
limit_req_zone $http_cf_connecting_ip zone=php_limit:10m rate=10r/s;
limit_req_log_level warn;

location ~ \.php$ {
    limit_req zone=php_limit burst=50;
}

# Test using bash
for i in $(seq 1 30); do curl -I -s "https://[HOST]/" | head -n 1; done