You can block xmlrpc.php and wp-login.php via NGINX with the following configs
xmlrpc.php for NGINX
location = /xmlrpc.php { deny all; }
To allow JetPacks IP addresses through adjust the config to allow certain IPs
location = /xmlrpc.php { allow 192.0.64.0/18; allow 64.34.206.0/24; allow 198.181.116.0/22; allow 66.155.105.128/26; allow 69.90.253.0/24; allow 76.74.248.128/25; allow 76.74.255.0/25; allow 2001:1978:1e00:3::/64; allow 2620:115:c000::/40; deny all; }
wp-login.php for NGINX
You would want to allow at least 1 IP address for backend access…
location = /wp-login.php { allow 1.2.3.4; deny all; }
If you wanted more IP addresses just add additional allow lines.
Test your new config by tailing the error log…
tail -f /home/<user>/logs/nginx/webapp_error.log
Visit the xmlrpc.php and wp-login.php via IP addresses not allowed to see a 403 error.