diff --git a/roles/public_html/tasks/main.yml b/roles/public_html/tasks/main.yml
index d40bd3bf75484d194ad2150001bab76076627109..16274393201beb132aea1fd30a00d3bd4ab72dbd 100644
--- a/roles/public_html/tasks/main.yml
+++ b/roles/public_html/tasks/main.yml
@@ -21,6 +21,9 @@
     - generate-public_html.timer
     - generate-public_html.service
 
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ public_domain }} state=directory owner=http group=log mode=755
+
 - name: set up nginx
   template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/public_html.conf owner=root group=root mode=0644
   notify:
diff --git a/roles/public_html/templates/nginx.d.conf.j2 b/roles/public_html/templates/nginx.d.conf.j2
index 59bd590df6dadbfdd6dfa74b0ed98bdf1894b2d0..041901525c4abbadba06ce180a86ba3f3ef1854f 100644
--- a/roles/public_html/templates/nginx.d.conf.j2
+++ b/roles/public_html/templates/nginx.d.conf.j2
@@ -4,6 +4,9 @@ server {
     server_name  {{ public_domain }} www.{{ public_domain }};
     root         /srv/public_html;
 
+    access_log   /var/log/nginx/{{ public_domain }}/access.log;
+    error_log    /var/log/nginx/{{ public_domain }}/error.log;
+
     include snippets/letsencrypt.conf;
 
     location ~ ^/~([A-Za-z0-9]+)(/.*)? {
@@ -19,6 +22,9 @@ server {
     server_name  {{ public_domain }} www.{{ public_domain }};
     root         /srv/public_html;
 
+    access_log   /var/log/nginx/{{ public_domain }}/access.log;
+    error_log    /var/log/nginx/{{ public_domain }}/error.log;
+
 {% if certfile.stat.exists %}
     ssl_certificate      /etc/letsencrypt/live/{{ public_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ public_domain }}/privkey.pem;
diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml
index bb0c3419d6d2744c14b76d6e2d94d00bf94cf048..331fc4a766fd4f465ba992243caa0c9273d3dd73 100644
--- a/roles/syncrepo/tasks/main.yml
+++ b/roles/syncrepo/tasks/main.yml
@@ -41,6 +41,9 @@
     insertbefore: BOF
     create: true
 
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=http group=log mode=755
+
 - name: set up nginx
   template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo.conf owner=root group=root mode=0644
   notify:
diff --git a/roles/syncrepo/templates/nginx.d.conf.j2 b/roles/syncrepo/templates/nginx.d.conf.j2
index 7647895caf794c412b801ce22e33e57f08e6fb78..58e4107b9157a210b7d182d9782ff2eb985d5d74 100644
--- a/roles/syncrepo/templates/nginx.d.conf.j2
+++ b/roles/syncrepo/templates/nginx.d.conf.j2
@@ -4,6 +4,9 @@ server {
     server_name  {{ mirror_domain }};
     root         /srv/ftp;
 
+    access_log   /var/log/nginx/{{ mirror_domain }}/access.log;
+    error_log    /var/log/nginx/{{ mirror_domain }}/error.log;
+
     include snippets/letsencrypt.conf;
 
     autoindex on;
@@ -15,6 +18,9 @@ server {
     server_name  {{ mirror_domain }};
     root         /srv/ftp;
 
+    access_log   /var/log/nginx/{{ mirror_domain }}/access.log;
+    error_log    /var/log/nginx/{{ mirror_domain }}/error.log;
+
 {% if certfile.stat.exists %}
     ssl_certificate      /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;