nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # hashcat-wpa-server does not send any files
    #sendfile        on;
    #tcp_nopush     on;

    #gzip  on;

    # state information for about 16,000 IP addresses occupies ~1 megabyte of the zone
    # https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/
    limit_req_zone $binary_remote_addr zone=app:1m rate=1r/s;
    limit_conn_zone $binary_remote_addr zone=connection_rule:1m;

    server {
        listen 80 deferred;
        server_name localhost;
        access_log  /var/log/nginx/host.access.log  main;

        client_max_body_size 100m;
        client_body_timeout 30s;
        client_header_timeout 30s;

        # might be useless since we don't keep the connection alive
        keepalive_timeout  10;

        location / {
            # Catch all
            try_files $uri @proxy_to_app;
        }

        location @proxy_to_app {
            limit_req zone=app burst=5;
            limit_conn connection_rule 5;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # we don't want nginx trying to do something clever with
            # redirects, we set the Host: header above already.
            proxy_redirect off;
            proxy_pass http://127.0.0.1:8000;
        }

    }
}