diff --git a/roles/nginx/server/tasks/main.yml b/roles/nginx/server/tasks/main.yml
index 9f77876..ebcf2a8 100644
--- a/roles/nginx/server/tasks/main.yml
+++ b/roles/nginx/server/tasks/main.yml
@@ -70,6 +70,25 @@
     job: /usr/local/sbin/nginx-logrotate
   when: ansible_os_family == "OpenBSD"
 
+- name: set logdir permissions
+  file:
+    path: /var/log/nginx
+    mode: 0755
+    owner: root
+    group: root
+  when:
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "7"
+
+- name: set logfile permissions
+  lineinfile:
+    path: /etc/logrotate.d/nginx
+    regexp: '^\s+create '
+    line: "    create 0644 nginx root"
+  when:
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "7"
+
 - import_role:
     name: sftpuser
   vars: