You could have one or more applications proxied behind nginx and you want to set rate limites to prevent DDOS attacks .
The configuration is simple. The very details of each and every parameter can be found here.
https://www.nginx.com/blog/rate-limiting-nginx/
You can configure this by using the following steps:
Configure the HTTP block, usually present in the nginx.conf file. One of the critical and important things to note this is, this can only be configured at one place , not per site. So Do your configurations accordingly and keep configuration local as much as possible, in the apps conf file. So here is the config
The above statements declare that you are tracking by the ipv4 or ipv6 addresses and limiting the requests by their ip addresses.
20m is the memory size that is allocated to store the states.
2. The application level configuration is again simple. We will be declaring the limit rule, we will do the following
limit_req zone=limitreqsbyaddr burst=10 delay=5;
defining zone to be the limitrequests by address, keeping the burst to 10, burst is what additional can be allowed as capacity and start delaying requests after 5 requests.
Try this and let us know if you need any help. This can be configured in the nginx free version.