Logrotate issue with NGINX log files

jasonwch · November 11, 2025, 6:44am

the logrotate config file “hestia” seems cannot properly rotate nginx-access.log and nginx-error.log

After it makes the new log files, the log still write to old one.

Tried to add this to the bottom of the file but still doesnt work

sharedscripts
    postrotate
        [ -f /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid`
        endscript

jasonwch · November 11, 2025, 8:19am

Turned out is “Hestia” service locking these 2 files so reload NGINX service wont let write into the new log file. Need to reload Hestia service instead.

sharedscripts
postrotate
	service hestia reload
endscript

sahsanu · November 11, 2025, 2:42pm

You must use the right pid for the Nginx used by Hestia:

/var/log/hestia/*.log {
    rotate 12
    monthly
    missingok
    notifempty
    create 0600 root root
    postrotate
        [ -f /run/hestia-nginx.pid ] && kill -USR1 "$(cat /run/hestia-nginx.pid)"
    endscript
}

I’ll create a PR to fix it.

sahsanu · November 11, 2025, 2:49pm

This is the PR:

jasonwch · November 11, 2025, 2:56pm

Tried but not working, this will create a new log file owned by hestiaweb, but unable to write log inside.

jasonwch · November 11, 2025, 3:21pm

as long as the files owned by hestiaweb, permission denied

2025/11/11 23:17:20 [emerg] 770942#0: open() "/var/log/hestia/nginx-error.log" failed (13: Permission denied)
2025/11/11 23:17:20 [emerg] 770942#0: open() "/var/log/hestia/nginx-access.log" failed (13: Permission denied)
2025/11/11 23:19:09 [emerg] 770942#0: open() "/var/log/hestia/nginx-error.log" failed (13: Permission denied)
2025/11/11 23:19:09 [emerg] 770942#0: open() "/var/log/hestia/nginx-access.log" failed (13: Permission denied)

sahsanu · November 11, 2025, 3:53pm

Try this:

/var/log/hestia/*.log {
    rotate 12
    monthly
    missingok
    notifempty
    create 0600 root root
    sharedscripts
    postrotate
        systemctl restart hestia.service >/dev/null 2>&1 || true
    endscript
}

jasonwch · November 11, 2025, 11:33pm

Yes this will work as service hestia reload

But may I know if I must put in || true afterward?

sahsanu · November 11, 2025, 11:52pm

I prefer to use systemctl in case Hestia drops support to the init script. Also, in this case reload and restart do exactly the same (a restart of the service).

It allows to logrotate to continue in case the restart fails.

jasonwch · November 12, 2025, 12:10am

Thanks. Seems like if I didn’t put ||True

Yesterday night, the hestia service dead and need restart manually this morning

jasonwch · November 12, 2025, 12:48am

may also need to revise your PR? Thanks

sahsanu · November 12, 2025, 1:01am

The PR also has the last change.