It would be a good idea to implement simple rate limits in nginx so that a D(D)oS is easier to fend off and couple the whole thing with netfilter 🙂
So the installation would be even better secured 🙂
Secure can never be enough.
What exactly would you rate limit? All requests, login attempts? And you really can’t block DDoS - you just have to survive it until the attacker loses interests.
All reguests 🙂 yes i know that DDoS can’t get fight really but is better to make it harder then to soft 🙂
I am implementing rate limits on my other projects at this point and it can help a lot if such a flood arrives.