diff --git a/docker/nginx-ssl.conf b/docker/nginx-ssl.conf
index f2ebd40..3afc1b8 100644
--- a/docker/nginx-ssl.conf
+++ b/docker/nginx-ssl.conf
@@ -15,6 +15,12 @@ http {
 default_type application/octet-stream;
 access_log /dev/stdout combined;
 sendfile on;
+ client_max_body_size 1m;
+ large_client_header_buffers 4 2k;
+
+ limit_req_zone $binary_remote_addr zone=login_ip:10m rate=30r/m;
+ limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;
+ limit_conn conn_per_ip 100;
 upstream app_server {
 # For a TCP configuration:
@@ -23,7 +29,6 @@ http {
 server {
 listen 80 default;
- client_max_body_size 4G;
 server_name _;
 keepalive_timeout 5;
@@ -36,7 +41,6 @@ http {
 server {
 listen 80;
- client_max_body_size 4G;
 server_name layers.openembedded.org;
 keepalive_timeout 5;
@@ -98,6 +102,8 @@ http {
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!MD5;
+ keepalive_timeout 20;
+
 # path for static files
 root /usr/share/nginx/html;
@@ -109,6 +115,11 @@ http {
 try_files $uri @proxy_to_app;
 }
+ location /accounts/login {
+ limit_req zone=login_ip burst=5;
+ try_files $uri @proxy_to_app;
+ }
+
 location @proxy_to_app {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header Host $http_host;
diff --git a/docker/nginx.conf b/docker/nginx.conf
index 6901959..17158fe 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -23,10 +23,10 @@ http {
 server {
 listen 80 default;
- client_max_body_size 4G;
+ client_max_body_size 1m;
 server_name _;
- keepalive_timeout 5;
+ keepalive_timeout 20;
 # path for static files
 root /usr/share/nginx/html;
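Review bot: In the first nginx-ssl.conf hunk (`http` block), `limit_req_zone` and `limit_conn` are added without `limit_req_status` / `limit_conn_status`, so throttled clients receive nginx's default 503, which monitoring and clients cannot tell apart from a backend outage; consider adding `limit_req_status 429;` and `limit_conn_status 429;` next to them. Both zones key on `$binary_remote_addr`, which is the real client only if nothing proxies in front of this container; a comment stating that assumption would help, since behind a load balancer every user would share one 30r/m bucket. `large_client_header_buffers 4 2k;` also caps the request line and each individual header at 2k (nginx answers 414 or 400 above that), so it is worth confirming that no URL or cookie the application relies on exceeds it.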
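Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line directly above the added `keepalive_timeout 20;` in the SSL server block (hunk at -98,6) is left as is by this hardening change, so the deprecated TLS 1.0 and 1.1 stay negotiable. If no legacy clients depend on them, `ssl_protocols TLSv1.2 TLSv1.3;` would fit here, with TLSv1.3 only where the bundled nginx and OpenSSL support it. The two port-80 server blocks in this file keep `keepalive_timeout 5;` as context in the earlier hunks, so a one-line comment on why the SSL server uses 20 would show the difference is intentional.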
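Review bot: In the new `location /accounts/login` block, `limit_req zone=login_ip burst=5;` has no `nodelay`, so requests inside the burst are queued and released at the zone's 30r/m pace (one every two seconds) instead of being served at once and rejected only beyond the burst; an ordinary GET-then-POST login can stall on that. `limit_req zone=login_ip burst=5 nodelay;` is the usual form for a login throttle. The prefix match covers only paths starting with `/accounts/login`; if the application exposes other credential-handling URLs under `/accounts/` (password reset, registration), this hunk does not throttle them, which may or may not be intended. The block repeats `try_files $uri @proxy_to_app;` from the location above it, so a comment such as `# same routing as /, plus per-IP throttling of login attempts` would help the next reader.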
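Review bot: The docker/nginx.conf hunk only lowers `client_max_body_size` and raises `keepalive_timeout`; the `limit_req_zone`, `limit_conn` and `/accounts/login` throttle that this commit adds to nginx-ssl.conf have no counterpart here, so a deployment running the non-SSL config would apparently have no login rate limit (the rest of the file is outside the hunk, so this is inferred from the diff alone). If that is deliberate, a comment saying so would help; otherwise the zone definitions and the location block should be mirrored in this file. `client_max_body_size 1m;` also stays at server level here while nginx-ssl.conf moves it to the `http` block, which is harmless, but the two files are easier to keep in sync when they agree.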