The logrotate configuration for virtual servers kills nginx

Virtualmin is creating logrotate .conf files for every domain name:

/etc/logrotate.d/example1.com.conf
/etc/logrotate.d/example2.com.conf
/etc/logrotate.d/example3.com.conf
...
/var/log/virtualmin/example.com_access_log /var/log/virtualmin/example.com_error_log {
    rotate 5
    weekly
    compress
    postrotate
    /bin/systemctl restart nginx.service
    endscript
    sharedscripts
}

There is a /etc/systemd/system/nginx.service.d/override.conf file with this configuration:

[Service]
Restart=always
RestartSec=3
ExecStartPost=/bin/sleep 0.1

However, after adding multiple domain names with Virtualmin logrotate is requesting many restarts of nginx (restarting it for every domain name) and after too many restarts per time period systemd is stopping nginx and does not start it automatically.

I suggest to not add a new .conf file for every domain name. It's enough to add one .conf file for all logs in the /var/log/virtualmin folder. Example:

virtualmin-domains.conf:

/var/log/virtualmin/*_log {
    rotate 5
    weekly
    compress
    postrotate
    /bin/systemctl reload nginx.service
    endscript
    sharedscripts
}

Also, for some unknown reason, old logs are bing kept ("rotate 5" is not honoured by logrotate).

Here is the original /etc/logrotate.d/nginx, I suppose it's not created by Virtualmin or Webmin:

/var/log/nginx/*log {
    create 0664 nginx root
    daily
    rotate 10
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

It is using USR1 signal which does not restart nginx, only gives signal to start writing to the new log file.

More information (logs, discussion): https://old.reddit.com/r/sysadmin/comments/j5gwlh/nginx_is_being_restart...

Not sure if adding create 0664 nginx root will be better. Or using the method with USR1 signal, instead of systemctl reload.

Another solution is to modify the original /etc/logrotate.d/nginx like this:

/var/log/nginx/*log /var/log/virtualmin/*_log {
    create 0664 nginx root
    daily
    rotate 10
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
Status: 
Active
Virtualmin version: 
6.08
Webmin version: 
1.941

Comments

You can work around this by editing the file /etc/webmin/virtualmin-nginx/config and adding a line like :

rotate_cmd=/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true

this will be used in all new logrotate configs.