Nginx doesnt' log into access.log

I'v been struggling with Nginx logging. A problem that I found out first was logrotate failure. so I've changed user to the same owner of nginx worker process which is www-data and I forced logrotate, then It suddenly stopped to log.

here's the permission

$ ls -al
total 3876
drwxrwxrwx  2 www-data adm       4096 Apr 11 01:09 .
drwxrwxr-x 10 root     syslog    4096 Apr 11 00:00 ..
-rw-r--rwx  1 www-data adm          0 Apr 11 01:09 access.log

$ ps -eo "%U %G %a" | grep nginx
root     root     nginx: master process nginx
www-data www-data nginx: worker process
www-data www-data nginx: worker process
root     root     nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data www-data nginx: worker process
www-data www-data nginx: worker process
ubuntu   ubuntu   grep --color=auto nginx

and this is the logrotate configuration:

/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1;
        DIR=$(dirname $1);
                USER=$(stat -c "%U" $DIR);
                chmod 647 $DIR/access.log;
    endscript
}

This is quite overengineered.

/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    create 0640 www-data adm
    su www-data adm
    sharedscripts
    postrotate
        killall -USR1 nginx
    endscript
}

Basically the line su www-data adm is the one you're missing. Also note that when creating new vhost config and doing nginx -s reload - nginx will create new access/error logs (if defined) from root, which will effectively stop their rotation in the future.