DDOS mitigation nginx

Set rate limmiting

in nginx.conf http block set:
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

where:
$binary_remote_addr - rate limiting via ip address
zone=mylimit:50m - zone name mylimit; size of information state file
rate=10r/m - allow 10 requests per minute, 11th regest end us in queue

in vhost configuration server block

location /login/ {
limit_req zone=mylimit burst=20 nodelay;

proxy_pass http://my_upstream;
}