Watching my website's firewall and ssh logs show all the various hacking attempts is calming in the same way that watching waves crash on to the shore is.

More like looking a thin net preventing mosquitoes from biting your skin, as there is some intention behind it, not just physics.

Which really isn't a problem, unless you're being scanned so much your bandwidth is being overwhelmed. Certainly not the case for me, despite having port 80 and 443 open

I have a server that has a slow (5s) response to unknown pages, returns it as 200, and makes the next failing request even slower (for unauthenticated users). That seems to keep the number of requests limited. Perhaps I should just drop the connection after a certain number of requests.

BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.

Do you configure this in your firewall? How can I replicate this?

what firewall do you use?

It's in the "404" handler of the backend. It should be possible to write a caddy or nginx module for it.

Damn that's like Blood War in DND...

Per day? per minute or second.