Shop. The web server with nginx, php-fpm + mysql.
Selectel server Xeon E3-1230 v5 3.4 GHz (4 cores 8 threads). Of RAM 32GB. 2х240гб SSD. Channel 1Gbps and 30ТБ traffic.
Can on this to survive, when half a million visitors per day. And there are always detractors that will try to organize a DDoS attack.
From the primitive attacks on the selection of passwords and port scans and "F5" we have insurance.
What to do if there is an attack on the network infrastructure, I don't know. Selectel said he would kill the server. Can make a large flow of visitors for the attack bots...
Think about Cloudflare. As it is now furnished with locking Roskomnadzor their IP addresses?
In fact, I need only hide the real ip of the server (proxying).
There are rumors that the number of visitors decreases when using Cloudflare, even if the ip is clean. Maybe some providers block unauthorized and domain and ip, and in the registry locks the domain only.
Can deploy your cloud proxy? There are some articles on this topic, manuals?
Well, the lock address is cloudflare, cloudflare themselves offer to take the business fare, and if a custom ssl, then they will give 2 dedicated ip.
Also you can connect an additional protection in the selectel, is the protection of ddos-guard.