Check Nginx’s changelog. It seems the issue was addressed in latest mainline.

Changes with nginx 1.15.6                                        06 Nov 2018

    *) Security: when using HTTP/2 a client might cause excessive memory
       consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

    *) Security: processing of a specially crafted mp4 file with the
       ngx_http_mp4_module might result in worker process memory disclosure

    *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
       "grpc_socket_keepalive", "memcached_socket_keepalive",
       "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.

    *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
       1.1.1, the TLS 1.3 protocol was always enabled.

    *) Bugfix: working with gRPC backends might result in excessive memory


Yes, I even I saw the same changelog yesterday and also updated to the latest one (Thanks to @virtubox 's Nginx EE Scripts) but still, the issue is same. Nothing is changed for me as of now :frowning:


It didn’t solve my problems neither. :frowning:


Hello, do you have any news regarding this topic?

I just started using Ubuntu 18.04 (almost 200 VPSs and dedicated servers to move). There are no errors with “stock” Nginx (the one from repositories), but it is 14.0, not even up to date with stable release.

And I’m afraid of compiling Nginx again and getting the same issue from the other servers.

Any opinion would help.

Thanks in advance.


I can’t tell if it’s the solution for this mystery or not, but I’ve got some good results by removing (commenting) the line aio threads in nginx.conf.



It’s not aio thread the cause of the issue.

Now I commented brotli on; for a new test (Brotli and AIO Threads are disabled).


So far, so good. I think it’s Brotli to blame for the CPU hogging.


Hey @portofacil Thanks a lot of keeping the thread updated and giving the suggestions. As I am not a server expert so it’s really hard for me to use the official Nginx and remove the existing one.

However, I will surely try removing brotli and Aio threads lines from nginx.conf and see if it works. I will let you know the outcome in my case. Thanks :slight_smile:


It’s like a dream: 24h and no issues with Nginx in any of my servers!


You’re right dear @portofacil It has been 24 Hours since I implemented your recommendation and the issue is gone now. Now, I will try enabling aio threads and see if it’s also the culprit or not!


Please, let me know what happens when you enable AIO Threads. :slight_smile:


Sure buddy :slight_smile:


It has been more than 24 Hours since I enabled Aio Threads and kept Brotli Disabled. There isn’t any CPU related error as of now. I think it’s safe to say that Brotli is the only to thing to blame for this.


Thanks for sharing the information!

I’ll try enabling AIO Threads again, too.


@nschopra, what is Brotli compression level you use in your servers?

I just found I’m using:

brotli_comp_level 8;

The recommended level for dynamic content is 4 (allegedly better compression than default gzip, and still quicker).

I’ll be traveling all the weekend, but on next Monday I’ll try re-enabling Brotli, but with a lower compression level.


I have been using brotli_comp_level 6 since the start.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.