FWIW Cowboy has code to protect against slow requests: http://blog.differentpla.net/blog/2013/11/03/cowboy-request-timeouts … though I have not tested if that is sufficient in practice.
That said, Cowboy is used a lot in production environments, and while no software can be considered 100% secure, it seems to be quite solid in practice.
On the topic of proxying, I would definitely recommend haproxy over apache, and even nginx. Apache is far more than one needs for a simple proxy (overhead, config management, …) and while nginx makes for a fine proxy (and not just for http), haproxy is a magical combination of small, fast and extremely featureful. It does all the SSL/TLS offloading along with a variety of load-balancing and port-forwarding goodies (and a reasonable integrated web app for monitoring) while consuming minimal resources … unless you are actually needing a web server (in which case nginx can make sense; forward some requests, serve up static content for others), just use haproxy.