choose connection and nofile numbers, increase error_log level to get modsecurity rules, add MODSECURITY_SEC_AUDIT_ENGINE var

confs/global/nginx.conf

@@ -25,9 +25,12 @@ pcre_jit on;
 # config files for dynamic modules
 include /etc/nginx/modules/*.conf;
 
+# max open files for each worker
+worker_rlimit_nofile %WORKER_RLIMIT_NOFILE%;
+
 events {
 	# max connections per worker
-	worker_connections 1024;
+	worker_connections %WORKER_CONNECTIONS%;
 
 	# epoll seems to be the best on Linux
 	use epoll;
@@ -50,7 +53,7 @@ http {
 	# write logs to local syslog
 	log_format logf '%LOG_FORMAT%';
 	access_log syslog:server=unix:/tmp/log,nohostname,facility=local0,severity=notice logf;
-	error_log syslog:server=unix:/tmp/log,nohostname,facility=local0 notice;
+	error_log syslog:server=unix:/tmp/log,nohostname,facility=local0 info;
 
 	# temp paths
 	proxy_temp_path /tmp/proxy_temp;
@@ -63,8 +66,8 @@ http {
 	reset_timedout_connection on;
 
 	# timeouts
-	client_body_timeout 12;
-	client_header_timeout 12;
+	client_body_timeout 10;
+	client_header_timeout 10;
 	keepalive_timeout 15;
 	send_timeout 10;
 

confs/site/modsecurity-rules.conf

@@ -49,7 +49,7 @@ SecResponseBodyLimit 524288
 SecResponseBodyLimitAction ProcessPartial
 
 # log usefull stuff
-SecAuditEngine RelevantOnly
+SecAuditEngine %MODSECURITY_SEC_AUDIT_ENGINE%
 SecAuditLogType Serial
 SecAuditLog /var/log/nginx/modsec_audit.log