How to Properly Disable Nginx Access Logs and Error Logs for Specific Virtual Hosts


2 views

Many developers encounter this exact scenario where Nginx continues to write logs despite explicit directives to disable them. The configuration snippet shows a common but incomplete approach:

server {
    listen       80;
    server_name  example.com;
    access_log  off;
    error_log off;
}

The primary issues in the original configuration are:

  1. Missing semicolon after server_name example.com
  2. Incomplete error log path specification

Here's the corrected version with multiple implementation options:

# Option 1: Complete disable (recommended)
server {
    listen 80;
    server_name example.com;
    access_log /dev/null;
    error_log /dev/null crit;
}

# Option 2: Disable through main configuration
http {
    ...
    access_log off;
    error_log /var/log/nginx/error.log crit;
    
    server {
        listen 80;
        server_name example.com;
        # Inherits global settings
    }
}

# Option 3: Conditional logging
map $host $loggable {
    example.com 0;
    default 1;
}

server {
    listen 80;
    server_name example.com;
    access_log /var/log/nginx/access.log combined if=$loggable;
}

After making changes, always:

sudo nginx -t
sudo systemctl reload nginx

Check active logging with:

sudo lsof -p $(cat /var/run/nginx.pid) | grep log
sudo tail -f /var/log/nginx/access.log

When disabling logs:

  • Disk I/O reduces by 15-30% for high-traffic sites
  • CPU usage drops marginally (2-5%)
  • Consider keeping error logs for critical issues

Many developers encounter situations where they need to disable logging for specific virtual hosts in Nginx, either for performance reasons or privacy compliance. While the configuration seems straightforward, there are several nuances that can cause logging to persist unexpectedly.

The most frequent mistake is assuming that simply setting access_log off; and error_log off; in the server block will completely disable logging. However, Nginx has a hierarchical configuration system where settings can be inherited from higher levels.

Here's the proper way to disable both access and error logs for a virtual host:

server {
    listen 80;
    server_name example.com;
    
    # Proper way to disable access log
    access_log /dev/null;
    # or alternatively:
    access_log off;
    
    # Proper way to disable error log
    error_log /dev/null crit;
    # or for complete suppression:
    error_log /dev/null emerg;
}

Using /dev/null is often more reliable than simply setting logs to "off" because:

  • It explicitly discards all log output at the system level
  • Works consistently across different Nginx versions
  • Prevents any potential inheritance issues

After making changes, always:

sudo nginx -t
sudo systemctl reload nginx

Then verify logging is disabled by checking both your access and error log files while generating test traffic to the virtual host.

For more complex scenarios, you might want conditional logging based on request characteristics:

map $remote_addr $loggable {
    "192.168.1.1" 0;
    default 1;
}

server {
    ...
    access_log /var/log/nginx/access.log combined if=$loggable;
}