You’ve been running NGINX. It works. Life is good. But you keep hearing about Angie — the fork maintained by the original NGINX developers after they left F5. It has native Let’s Encrypt support, a proper JSON API, dynamic upstreams without paying for NGINX Plus, and no corporate product roadmap getting in the way.
“Migration sounds like work,” you think. “I’ll do it someday.”
Today is someday. And I promise: this is the easiest server migration you will ever do. Your config files work without changes. Your modules map 1:1. Your sites stay online throughout. The hardest part is typing apt install angie.
Why Migrate? What Does Angie Actually Add?
- Native ACME / Let’s Encrypt — certificates managed directly in
nginx.conf, no Certbot, no cron jobs, no expiry surprises - JSON status API — real metrics (connections, upstreams, certs, request rates) in JSON, ready for Prometheus or Grafana
- Dynamic upstreams — add/remove upstream servers without reload, free in Angie (costs money in NGINX Plus)
- Prometheus metrics endpoint — built-in, no third-party exporter needed
- Monthly release cycle — features and fixes ship faster than NGINX’s quarterly cadence
- Maintained by the original NGINX team — the people who designed the architecture are still building it
What you don’t lose: performance, stability, config compatibility, all your modules. For the full feature-by-feature breakdown see our Angie vs NGINX comparison.
Before You Start: 2-Minute Prep
# Back up your config (takes 5 seconds)
tar -czf /tmp/nginx-backup-$(date +%Y%m%d).tar.gz /etc/nginx/
# Note what version you're on
nginx -v
# List loaded modules (you'll need these after migration)
nginx -V 2>&1 | grep -o 'modules/[^ ]*.so'The Migration: Step by Step
Step 1: Add the myguard Repository
wget -qO- https://deb.myguard.nl/gpg.key
| gpg --dearmor > /usr/share/keyrings/myguard-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/myguard-archive-keyring.gpg]
https://deb.myguard.nl stable main"
| tee /etc/apt/sources.list.d/myguard.list
apt updateStep 2: Install Angie
apt install angieAngie installs alongside NGINX without removing it — they can coexist as packages, they just can’t both listen on the same ports. NGINX stays installed as your fallback.
Step 3: Test Your Config
# Angie reads your existing /etc/nginx/ config
angie -t
# If you see "syntax is ok" you're ready
# Rare failures are usually module-related (see Module Mapping below)Step 4: Switch Over
systemctl stop nginx
systemctl start angie
systemctl status angie # confirm it's runningStep 5: Verify Everything Works
curl -I https://yourdomain.com
tail -f /var/log/angie/error.log
tail -f /var/log/angie/access.logStep 6: Make It Permanent
systemctl disable nginx
systemctl enable angieModule Mapping: NGINX to Angie
Module package names change from libnginx-mod-* to angie-module-*. The modules work identically — only the package names differ.
| NGINX Module Package | Angie Module Package |
|---|---|
| libnginx-mod-http-brotli | angie-module-http-brotli |
| libnginx-mod-http-modsecurity | angie-module-http-modsecurity |
| libnginx-mod-http-lua | angie-module-http-lua |
| libnginx-mod-http-headers-more | angie-module-http-headers-more |
| libnginx-mod-http-geoip2 | angie-module-http-geoip2 |
Rollback: If Anything Goes Wrong
systemctl stop angie
systemctl start nginx
# Your NGINX config is still there, untouchedFull rollback in two commands. NGINX is still installed, your config is unchanged, nothing is lost.
Optional: Enable Angie’s Native ACME
http {
acme_client letsencrypt https://acme-v02.api.letsencrypt.org/directory
email admin@yourdomain.com;
server {
listen 443 ssl;
server_name yourdomain.com;
acme letsencrypt;
ssl_certificate $acme_cert_letsencrypt;
ssl_certificate_key $acme_cert_key_letsencrypt;
}
}Reload Angie and it fetches the certificate immediately. See the full Angie ACME guide for multi-domain setups and Certbot migration.
Frequently Asked Questions
- Will my sites go down during the NGINX to Angie migration?
- There’s a brief moment when you stop NGINX and start Angie — typically under a second. If you want true zero downtime, you can do a more careful cutover using socket passing, but for most setups the simple stop/start approach is completely fine.
- Do I need to change any config files when migrating to Angie?
- Almost certainly not. Angie reads your existing /etc/nginx/ directory without any changes. The only time you’d need modifications is if you’re using a module with a different name in Angie, or very old NGINX-specific syntax that Angie has updated.
- What happens to my Let’s Encrypt certificates after migrating?
- They keep working. Certbot’s certificates are just files — Angie reads them the same way NGINX does. You can migrate to Angie’s native ACME later at your own pace, or keep Certbot running alongside Angie. Both work fine.
- Can I run both NGINX and Angie on the same server?
- They can both be installed as packages, but they can’t both listen on ports 80 and 443 simultaneously. You switch between them by starting one and stopping the other. NGINX stays installed as a rollback option.
- How do I monitor Angie after migration?
- Angie has a built-in JSON API at /api with real-time connection counts, upstream health, and certificate status. There’s also a built-in Prometheus metrics endpoint. No third-party exporter needed.
- Is Angie really maintained by the original NGINX developers?
- Yes. The core Angie developers are the same people who wrote large parts of NGINX before leaving F5 in 2021. They forked the project to continue developing it without corporate constraints.
Related Posts
- Angie vs NGINX: Complete Comparison — all the features side by side before you decide
- Angie ACME: Native TLS Without Certbot — the first thing to set up after migrating
- How to Optimize NGINX and Angie for Maximum Performance — full performance and security guide
- openssl-nginx: Dedicated OpenSSL for NGINX and Angie — the TLS layer under both web servers