Nginx Log Rotation on DigitalOcean (Ubuntu/Debian) — 75 Days

This guide configures logrotate to keep Nginx logs for ~75 days, rotating daily, compressing old logs, and safely signaling Nginx to reopen files after rotation.

0) Confirm a few site-specific details

Please answer these so I can tailor the exact config:

• What are your active Nginx log file paths?
  • access: e.g., /var/log/nginx/access.log (or per-site: /var/log/nginx/gbc_access.log)
  • error: e.g., /var/log/nginx/error.log (or per-site: /var/log/nginx/gbc_error.log)
• What user runs Nginx on your droplet? (usually www-data)
• What group should own the rotated logs? (often adm)
• PID file path (usually /run/nginx.pid)
• Do you have any custom-named logs that must be included?

Once confirmed, substitute below or I’ll produce a finalized snippet for you.

1) Create/Update the logrotate policy

Create or overwrite /etc/logrotate.d/nginx with a 75‑day policy.

sudo tee /etc/logrotate.d/nginx >/dev/null <<'EOF'
/var/log/nginx/*access*.log /var/log/nginx/*error*.log {
  daily
  rotate 75            # keep ~75 days of archives
  dateext              # append date to rotated files
  missingok
  notifempty
  compress
  delaycompress
  sharedscripts
  create 0640 www-data adm
  postrotate
    # Signal nginx to reopen logs after rotation
    [ -s /run/nginx.pid ] && kill -USR1 $(cat /run/nginx.pid) 2>/dev/null || true
  endscript
}
EOF

Notes:

• Replace www-data adm if your user/group differ.
• If you use custom filenames (e.g., /var/log/nginx/gbc_access.log), either:
  • keep the wildcards (they’ll match), or
  • explicitly list them on the first line.

2) Verify Nginx points to the expected files

Check your active config to confirm log paths:

sudo nginx -T | grep -nE 'access_log|error_log'

If paths are outside /var/log/nginx/, add those exact files to the first line in /etc/logrotate.d/nginx.

3) Dry-run test (no changes)

sudo logrotate -d /etc/logrotate.conf

You should see it reference /etc/logrotate.d/nginx and list the targeted log files.

4) Force a rotation once (optional)

sudo logrotate -f /etc/logrotate.conf

Then list rotated files:

ls -lh /var/log/nginx/

Expect files like access.log-YYYYMMDD.gz to appear.

5) Confirm Nginx reopened logs

Make a request to your site, then ensure access.log is still growing:

sudo tail -n 5 /var/log/nginx/access.log

If needed, verify Nginx still has file descriptors open to the new files:

sudo ls -l /proc/$(cat /run/nginx.pid)/fd | grep '/var/log/nginx' || true

6) Ensure rotation runs daily

On Ubuntu, logrotate runs via systemd.

systemctl status logrotate.timer 2>/dev/null || true

If inactive, enable it:

sudo systemctl enable --now logrotate.timer

Optional variations

• Shorter/longer retention per log type:
  • Split into two stanzas and set rotate separately for access vs error logs.
• Journald setups: if you log to the system journal instead of files, use /etc/systemd/journald.conf with MaxRetentionSec=75day (not typical for Nginx file logs).

Next: provide specifics

Reply with:

• access log path(s):
• error log path(s):
• nginx user/group:
• pid file path:
• any custom log filenames:

I’ll produce a finalized /etc/logrotate.d/nginx tailored to your droplet.