That you are already running nginx is a good start - event based servers are much more resilient against slowloris type attacks.
Still it's a good idea to prevent DOS attacks as far away as possible from your application. The next step is iptables.
You need to think about how you classify attacks and differentiate them from real traffic - the speed at which new connections are being created is a very good indicator - and you can configure iptables to limit new connections on a per ip basis:
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent \
--update --seconds 30 --hitcount 80 -j DROP
(drops new connection requests when the rate rises above 80 each 30 seconds)
You can limit the number of concurrent connections per ip address:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit \
--connlimit-above 20 -j REJECT --reject-with tcp-reset
It's also a good idea to limit bandwidth, depending on your traffic profile, to, say, 10% of the available bandwidth - this is done using tc rather than iptables.
Then, for the connections which get through, there may be characteristics in the HTTP request which would identify an attack (referrer, URL requested, user-agent, accept-language, ...). It doesn't matter what specific values you pick for these just now - you just need to ensure that you've got the machinery in place where you can quickly change the parameters at the first sign of an attack. While you could handle the request on the webserver, a better solution is to block access from the remote IP address using iptables - fail2ban is the tool for bridging your log data to your iptables config.
Of course for a large scale DDOS this isn't going to solve the problem of the attackers stuffing your internet pipe with packets your server ignores - for that you need to speak to your upstream provider.
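As an added illustration of the log-to-firewall bridging described in the answer above (this is example code written for this page, not fail2ban's code and not part of the original answer), the script below parses nginx combined-format access log lines, keeps a per-IP sliding window of request times, and flags clients that either exceed a configurable rate (the same idea as the `--seconds 30 --hitcount 80` iptables rule) or match request-level indicators such as a user-agent pattern. The thresholds, the user-agent pattern and the sample log lines are all constructed for the example; the iptables commands are only returned as strings so an operator can review them, nothing is executed.

```python
"""
Toy log-to-firewall bridge (example code, not fail2ban).
Reads nginx "combined" access log lines, counts requests per client IP in a
sliding time window and flags IPs that exceed a rate threshold or match
request-level indicators (user-agent / path patterns). Returns the iptables
commands an operator would apply; it never runs them.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# nginx combined format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \d+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


class RateWatcher:
    """Per-IP sliding-window rate check plus simple request-signature checks."""

    def __init__(self, window_seconds=30, max_hits=80, bad_ua_patterns=(), bad_paths=()):
        self.window = timedelta(seconds=window_seconds)
        self.max_hits = max_hits
        self.bad_ua = [re.compile(p) for p in bad_ua_patterns]
        self.bad_paths = [re.compile(p) for p in bad_paths]
        self.hits = defaultdict(deque)   # ip -> request timestamps inside the window
        self.flagged = {}                # ip -> human-readable reason

    def feed(self, line):
        """Process one log line; return the ban reason if the IP is (now) flagged."""
        rec = parse_line(line)
        if rec is None:
            return None                  # unparsable lines are ignored, not trusted
        ip = rec["ip"]
        if ip in self.flagged:
            return self.flagged[ip]
        # Signature checks: these are the "quickly changeable parameters".
        for pat in self.bad_ua:
            if pat.search(rec["ua"]):
                self.flagged[ip] = f"user-agent matched {pat.pattern!r}"
                return self.flagged[ip]
        for pat in self.bad_paths:
            if pat.search(rec["path"]):
                self.flagged[ip] = f"path matched {pat.pattern!r}"
                return self.flagged[ip]
        # Rate check: drop timestamps older than the window, then count.
        q = self.hits[ip]
        q.append(rec["time"])
        while q and rec["time"] - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_hits:
            self.flagged[ip] = f"{len(q)} requests in {self.window.seconds}s"
            return self.flagged[ip]
        return None


def ban_commands(flagged, chain="INPUT"):
    """iptables commands (as strings) that would drop port-80 traffic from flagged IPs."""
    return [f"iptables -I {chain} -s {ip} -p tcp --dport 80 -j DROP" for ip in sorted(flagged)]


def analyse(lines, **watcher_kwargs):
    """Run every line through a RateWatcher and return the flagged IPs with reasons."""
    watcher = RateWatcher(**watcher_kwargs)
    for line in lines:
        watcher.feed(line)
    return watcher.flagged


def sample_log():
    """Constructed sample log lines (RFC 5737 documentation addresses, not real traffic)."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, path="/", ua="Mozilla/5.0"):
        t = (base + timedelta(seconds=offset)).strftime(TIME_FMT)
        return f'{ip} - - [{t}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    lines = [line("192.0.2.1", 0), line("192.0.2.1", 40)]          # normal client
    lines += [line("203.0.113.5", i) for i in range(10)]           # 10 hits in 10 seconds
    lines.append(line("198.51.100.7", 5, "/", "python-requests/2.0"))  # suspicious UA
    return lines


if __name__ == "__main__":
    # Low thresholds so the constructed sample trips them; production values
    # would be tuned to the real traffic profile.
    result = analyse(sample_log(), window_seconds=30, max_hits=8,
                     bad_ua_patterns=[r"python-requests"])
    for ip, reason in result.items():
        print(f"{ip}: {reason}")
    for cmd in ban_commands(result):
        print(cmd)
```

The sliding window is the in-process equivalent of the `recent` match in the iptables rules above, but operating on application-level data (HTTP fields) that the packet filter cannot see. In practice you would feed the resulting addresses to a dedicated chain, and expire them, which is exactly what fail2ban's jail configuration handles for you.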