diff --git a/conf/nginx.conf b/conf/nginx.conf
index 565b921..37e57c7 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -23,3 +23,31 @@ location __PATH__/ {
   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;
 }
+
+    # rate limit the login or password reset pages
+    location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
+        limit_req zone=loginlimit;
+        proxy_pass http://127.0.0.1:__PORT__;
+    }
+
+    location /api/updates/ {
+        access_log off;
+        proxy_pass http://127.0.0.1:__PORT__;
+    }
+
+    # directly serve images and static files from the
+    # bookwyrm filesystem using sendfile.
+    # make the logs quieter by not reporting these requests
+    location ~ ^/(images|static)/ {
+        root /app;
+        try_files $uri =404;
+        add_header X-Cache-Status STATIC;
+        access_log off;
+    }
+
+    # monitor the celery queues with flower, no caching enabled
+    location /flower/ {
+       proxy_pass http://flower:8888;
+       proxy_cache_bypass 1;
+    }
+}