# we limit both on IP (single machine) as well as project ID
limit_req_zone  $binary_remote_addr  zone=sentry1:10m   rate=3r/s;
limit_req_zone  $projectid  zone=sentry2:10m   rate=3r/s;

server {
   listen 80;
   server_name sentry.example.com;

   # limit_req_status requires nginx 1.3.15 or newer
   limit_req_status 429;

   charset utf-8;

   access_log /var/log/nginx/sentry.access.log;
   error_log /var/log/nginx/sentry.error.log;

   proxy_set_header   Host                 $http_host;
   proxy_set_header   X-Real-IP            $remote_addr;
   proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
   proxy_set_header   X-Forwarded-Proto    $scheme;
   proxy_redirect     off;

   # keepalive + raven.js is a disaster
   keepalive_timeout 0;

   # use very aggressive timeouts
   proxy_read_timeout 5s;
   proxy_send_timeout 5s;
   send_timeout 5s;
   resolver_timeout 5s;
   client_body_timeout 5s;

   # buffer larger messages
   client_max_body_size 150k;
   client_body_buffer_size 150k;

   location / {
      proxy_pass http://localhost:9000;
   }

   location ~* /api/(?P<projectid>\d+/)?store/ {
      proxy_pass        http://localhost:9000;

      limit_req   zone=sentry1  burst=3  nodelay;
      limit_req   zone=sentry2  burst=10  nodelay;
   }
}