ERR_CONNECTION_TIMED_OUT (Nginx Fails, 100% CPU)

virtubox · November 5, 2018, 1:47am

Okay I understand. That’s the first time I see an issue with Nginx using too much CPU. On my servers, Nginx worker process use CPU only when there are several files downloaded from the server, and it do not use more than 15-20% of a single core. You can try nmon to get more informations about resources usage than with htop.

apt install nmon

nschopra · November 5, 2018, 2:56am

Thanks, Master, I will dig it more. However, I really liked Nginx Bad Bot Blocker concept but it throws the following error in the end and breaks the nginx configuration:

[emerg] "if" directive is not allowed here in /etc/nginx/bots.d/blockbots.conf:40

Tried the workarounds posted in this thread but couldn’t get it worked yet. I wish there was an article on Virtubox’s Knowledge Base about configuring this ultimate bots solution.

virtubox · November 5, 2018, 3:11am

Hello @nschopra,

just check if directive include /etc/nginx/bots.d/blockbots.conf; was properly added in your vhost by nginx bad bot blocker script. There were few errors in 22222 and default nginx vhosts in my case.

nschopra · November 5, 2018, 3:45am

I finally got it working but there is just one issue. As per the official thread, curl -A “Xenu Link Sleuth/1.3.8” http ://yourdomain.com or curl -I https ://yourdomain.com -e http ://zx6.ru should output the following line:

curl: (52) Empty reply from server

But in my case, there is the following output:

curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

virtubox · November 5, 2018, 2:04pm

It’s not an error, connection isn’t closed with the same message when you use HTTP/2.

nschopra · November 5, 2018, 2:25pm

So, I guess the setup is completed and it’s working fine. Tested it through some WP Theme Detector Sites and they were unable to access my sites.

But even after installing it there are some attempts listed in site-error log which were unsuccessful but still the Nginx CPU Memory issue is same.

portofacil · November 8, 2018, 11:32am

Check Nginx’s changelog. It seems the issue was addressed in latest mainline.

Changes with nginx 1.15.6                                        06 Nov 2018

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

    *) Security: processing of a specially crafted mp4 file with the
       ngx_http_mp4_module might result in worker process memory disclosure
       (CVE-2018-16845).

    *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
       "grpc_socket_keepalive", "memcached_socket_keepalive",
       "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.

    *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
       1.1.1, the TLS 1.3 protocol was always enabled.

    *) Bugfix: working with gRPC backends might result in excessive memory
       consumption.

nschopra · November 8, 2018, 12:40pm

Yes, I even I saw the same changelog yesterday and also updated to the latest one (Thanks to @virtubox 's Nginx EE Scripts) but still, the issue is same. Nothing is changed for me as of now

portofacil · November 9, 2018, 12:23pm

It didn’t solve my problems neither.

portofacil · November 20, 2018, 6:07pm

Hello, do you have any news regarding this topic?

I just started using Ubuntu 18.04 (almost 200 VPSs and dedicated servers to move). There are no errors with “stock” Nginx (the one from repositories), but it is 14.0, not even up to date with stable release.

And I’m afraid of compiling Nginx again and getting the same issue from the other servers.

Any opinion would help.

Thanks in advance.

portofacil · November 20, 2018, 7:27pm

I can’t tell if it’s the solution for this mystery or not, but I’ve got some good results by removing (commenting) the line aio threads in nginx.conf.

portofacil · November 20, 2018, 7:44pm

It’s not aio thread the cause of the issue.

Now I commented brotli on; for a new test (Brotli and AIO Threads are disabled).

portofacil · November 21, 2018, 12:09am

So far, so good. I think it’s Brotli to blame for the CPU hogging.

nschopra · November 21, 2018, 4:36am

Hey @portofacil Thanks a lot of keeping the thread updated and giving the suggestions. As I am not a server expert so it’s really hard for me to use the official Nginx and remove the existing one.

However, I will surely try removing brotli and Aio threads lines from nginx.conf and see if it works. I will let you know the outcome in my case. Thanks

portofacil · November 21, 2018, 7:36pm

It’s like a dream: 24h and no issues with Nginx in any of my servers!

nschopra · November 22, 2018, 4:44am

You’re right dear @portofacil It has been 24 Hours since I implemented your recommendation and the issue is gone now. Now, I will try enabling aio threads and see if it’s also the culprit or not!

portofacil · November 22, 2018, 4:47am

Please, let me know what happens when you enable AIO Threads.

nschopra · November 22, 2018, 5:13am

Sure buddy

nschopra · November 23, 2018, 12:20pm

It has been more than 24 Hours since I enabled Aio Threads and kept Brotli Disabled. There isn’t any CPU related error as of now. I think it’s safe to say that Brotli is the only to thing to blame for this.

portofacil · November 23, 2018, 1:18pm

Thanks for sharing the information!

I’ll try enabling AIO Threads again, too.