logrotate postrotate seems not being executed

Question

I have this configuration on Ubuntu 20.04:

/home/impulse/nginx/log/*/notice.log /home/impulse/nginx/log/*/access.status_ok.log /home/impulse/nginx/log/*/access.status_erro.log {
  daily
  nomail
  dateext
  rotate 31
  dateyesterday
  create root root
  notifempty
  nocompress
  extension .log
  # Script to notify nginx that logfile changed.
  postrotate
    docker exec -ti impulse_web sudo pkill -HUP nginx
  endscript
}

docker binary is only allowed via sudo on the server. The postrotate script is not being executed.

My question is, under which account does logrotate run ? And, can I log its execution to track why this isn't being applied ?

The script works when called on the terminal with sudo.

My current log dir:

-rw-r--r-- 1 root root 3073955 fev  3 11:02 access.status_ok-20210128.log
-rw-r--r-- 1 root root       0 jan 29 00:00 access.status_ok.log

Since access.status_ok.log is empty, the logrotate fails. And nginx keeps logging in the old file because the postrotate failed.

Answer 1

This issue had 2 misunderstandings:

• HUP signal sent to nginx makes it re-opens log files: it doesn't, USR1 does, see here: https://nginx.org/en/docs/control.html
• The signal was sent to all nginx processes: it shouldn't, it should only be sent to the master process, see here: https://mailman.nginx.org/pipermail/nginx/2011-January/024438.html

And one main FACEPALM reason:

• docker exec in the postrotate script must not had the -ti options, because it's not running in an interactive terminal.....

The debug logs from systemd were there all the time, but they were NOT recorded in /var/log/syslog. The following helped:

https://unix.stackexchange.com/questions/225401/how-to-see-full-log-from-systemctl-status-service

https://askubuntu.com/questions/1083537/how-do-i-properly-install-a-systemd-timer-and-service

Do systemd unit files have to be reloaded when modified?