diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 9ceae29caf29020787c2c49bad72818c6c6c99f3..f1d57f9c83fdb12327395262570c061feaca865b 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -812,6 +812,17 @@ class installer_dist extends installer_base {
 //* add a sshusers group
 $command = 'groupadd sshusers';
 if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ // add anonymized log option to nginxx.conf file
+ $nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
+ if(is_file($nginx_conf_file)) {
+ $tmp = file_get_contents($nginx_conf_file);
+ if(!stristr($tmp, 'log_format anonymized')) {
+ copy($nginx_conf_file,$nginx_conf_file.'~');
+ replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
+ }
+ }
+
 }
 
 public function configure_bastille_firewall()
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 277a9dc22022ae2b29d324139f92a867fbbef3a8..b83b24dcfaf0615aa6c034d95f80e1ce63fcada1 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -823,6 +823,16 @@ class installer_dist extends installer_base {
 //* add a sshusers group
 $command = 'groupadd sshusers';
 if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ // add anonymized log option to nginxx.conf file
+ $nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
+ if(is_file($nginx_conf_file)) {
+ $tmp = file_get_contents($nginx_conf_file);
+ if(!stristr($tmp, 'log_format anonymized')) {
+ copy($nginx_conf_file,$nginx_conf_file.'~');
+ replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
+ }
+ }
 }
 
 public function configure_bastille_firewall()
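Review bot: The result of `file_get_contents('tpl/nginx_anonlog.master')` goes straight into the `replaceLine()` call, so if the template cannot be read (the path is relative to the working directory) the `http {` line is rewritten with nothing after it and no `log_format anonymized` gets defined. The vhost template changed in this commit refers to that format by name, and nginx refuses a configuration that names an undefined log format, so I would read the template first and patch only on success: `$anonlog = file_get_contents('tpl/nginx_anonlog.master');` then `if($anonlog !== false && copy($nginx_conf_file, $nginx_conf_file.'~')) replaceLine($nginx_conf_file, 'http {', "http {\n\n".$anonlog, 0, 0);`. The comment above the block has a typo, `nginxx.conf`. The same block is repeated in the opensuse.lib.php hunk and in the installer_base.lib.php hunk; the enclosing method starts outside each hunk, so whether `$conf` is in scope at this point cannot be confirmed from the lines shown.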
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 7d3092372b2df21b8b017c34661260894e7d965e..8a1dcd465c809b39b06ebb8fcb235b84cfd27e78 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1843,6 +1843,17 @@ class installer_base {
 //* add a sshusers group
 $command = 'groupadd sshusers';
 if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ // add anonymized log option to nginxx.conf file
+ $nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
+ if(is_file($nginx_conf_file)) {
+ $tmp = file_get_contents($nginx_conf_file);
+ if(!stristr($tmp, 'log_format anonymized')) {
+ copy($nginx_conf_file,$nginx_conf_file.'~');
+ replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
+ }
+ }
+
 }
 
 public function configure_fail2ban() {
diff --git a/install/tpl/nginx_anonlog.master b/install/tpl/nginx_anonlog.master
new file mode 100644
index 0000000000000000000000000000000000000000..77b1dbbcc6655c2744057775498267efebd05d11
--- /dev/null
+++ b/install/tpl/nginx_anonlog.master
@@ -0,0 +1,20 @@
+map $remote_addr $ip_anonym1 {
+default 0.0.0;
+"~(?P(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+"~(?P[^:]+:[^:]+):" $ip;
+}
+
+map $remote_addr $ip_anonym2 {
+default .0;
+"~(?P(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+"~(?P[^:]+:[^:]+):" ::;
+}
+
+map $ip_anonym1$ip_anonym2 $ip_anonymized {
+default 0.0.0.0;
+"~(?P.*)" $ip;
+}
+
+log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
+'"$request" $status $body_bytes_sent '
+'"$http_referer" "$http_user_agent"';
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 4393a5255df25c69996111978197d009538bdd16..5d087356e71aa3adbf9daad4510d390831da23e4 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
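Review bot: The new nginx_anonlog.master template carries no comment saying what the three `map` blocks keep, and this file is what defines "anonymized" for every site on the server. A header such as `# IPv4: last octet replaced by 0; IPv6: only the first two groups are kept; anything else is logged as 0.0.0.0` would let an operator check the result against their retention policy. The same header should say that `log_format anonymized` still writes `$remote_user`, `$http_referer` and `$http_user_agent` unchanged, so only the client address is reduced.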
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -289,7 +289,7 @@ $wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 $wb['migration_mode_txt'] = 'Server Migration Mode';
 $wb['nginx_enable_pagespeed_txt'] = 'Makes Pagespeed available';
 $wb['logging_txt'] = 'Store website access and error logs';
-$wb['logging_desc_txt'] = 'Use Tools > Resync to apply changes to existing sites.';
+$wb['logging_desc_txt'] = 'Use Tools > Resync to apply changes to existing sites. For Apache, access and error log can be anonymized. For nginx, only the access log is anonymized, the error log will contain IP addresses.';
 $wb['log_retention_txt'] = 'Log retention (days)';
 $wb['log_retention_error_ispositive'] = 'Log retention must be a number > 0';
 ?>
diff --git a/interface/web/admin/templates/server_config_web_edit.htm b/interface/web/admin/templates/server_config_web_edit.htm
index 5a28ffc58dd35be5462ca04ac592acc2fdfeb514..c1bae44c06f042850131ebe915062840ad7c7bad 100644
--- a/interface/web/admin/templates/server_config_web_edit.htm
+++ b/interface/web/admin/templates/server_config_web_edit.htm
@@ -110,7 +110,7 @@
+ {tmpl_var name='logging_desc_txt'}
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master index 596662d8a9c2dc37bf9f41eec1c1f2418ac272d6..1fd98a58997efee0f00e9daf2f59df08bd5810a0 100644 --- a/server/conf/nginx_vhost.conf.master +++ b/server/conf/nginx_vhost.conf.master @@ -110,8 +110,14 @@ server { } + error_log /var/log/ispconfig/httpd//error.log; access_log /var/log/ispconfig/httpd//access.log combined; + + + error_log /var/log/ispconfig/httpd//error.log; + access_log /var/log/ispconfig/httpd//access.log anonymized; + ## Disable .htaccess and other hidden files location ~ /\. { diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index c09e226d0a683a4e647bb498d310e56f94bf1755..20ba4e96f004ce1a359339edc1cc2f4c50ade13e 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -1524,6 +1524,9 @@ class nginx_plugin { } unset($tmp_output, $tmp_retval); } + + // set logging variable + $vhost_data['logging'] = $web_config['logging']; $tpl->setVar($vhost_data);
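Review bot: `$vhost_data['logging'] = $web_config['logging'];` in the nginx_plugin.inc.php hunk reads the key with no fallback, and nothing in the lines shown guarantees it exists in the server config of an installation that predates this setting. It also lets the vhost template choose `access_log … anonymized` on a server whose nginx.conf the installer never patched, and nginx refuses to load a configuration that names an undefined log format, which would block the reload for every site. I would default the value, `$vhost_data['logging'] = isset($web_config['logging']) ? $web_config['logging'] : DEFAULT_LOGGING_VALUE;` (placeholder for whatever value the template treats as plain logging), and confirm that nginx.conf contains `log_format anonymized` before passing the anonymized setting on. The surrounding method starts and ends outside the hunk.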