// Page

Angie modules optimized & extended

Angie modules optimized & extended

Current version: 1.11.4 (last built: 2026-05-08)

What is Angie?

Angie is a high-performance web server forked from NGINX by the original core NGINX developers. It is a true drop-in replacement — compatible with all NGINX configuration syntax — while adding features NGINX mainline hasn’t shipped yet: native ACME/Let’s Encrypt, a rich JSON status API, and active development by its original authors.

Our packages are built with the exact same optimizations and dynamic module set as our NGINX stack — same performance tuning, same security hardening, just swap the binary.

Why choose Angie?

  • Built by the original NGINX core developers
  • Native ACME/Let’s Encrypt — no Certbot needed (deep dive)
  • Rich JSON status API at /status — connections, upstreams, caches, SSL stats
  • 100% NGINX config compatible — no migration needed
  • Linked against OpenSSL-NGINX, HTTP/3 QUIC, -Ofast -flto, zlib-ng, kTLS, TFO

See also: Angie vs NGINX feature comparison

Installation

See the How to use page to add the repository. Migrating from NGINX? Your /etc/nginx/ config works as-is.

Module usage examples

See the module usage examples page for ModSecurity, GeoIP2, Brotli, Lua, rate limiting and more.

All dynamic modules

All modules ship as angie-module-* packages. Load them with load_module modules/ngx_*.so; at the top of your config.

Security & WAF modules

  • angie-module-http-modsecurity — ModSecurity v3 WAF connector (source)
  • angie-module-http-naxsi — NAXSI open-source WAF (source)
  • angie-module-http-waf — ngx_waf high-performance firewall (source)
  • angie-module-http-testcookie-access — Cookie-based bot mitigation (source)
  • angie-module-http-js-challenge — JavaScript proof-of-work anti-DDoS (source)
  • angie-module-http-captcha — CAPTCHA challenge module (source)
  • angie-module-http-security-headers — Automatic security headers (source)
  • angie-module-http-ipset-blacklist — netfilter ipset black/whitelist (source)

Authentication modules

  • angie-module-http-auth-ldap — LDAP authentication (source)
  • angie-module-http-auth-pam — PAM authentication (source)
  • angie-module-http-auth-spnego — Kerberos/SPNEGO authentication (source)
  • angie-module-http-encrypted-session — Encrypt/decrypt nginx variables (source)

Compression modules

  • angie-module-http-brotli — Brotli compression, filter + static (source)
  • angie-module-http-zstd — Zstandard compression (source)

Geo-location & analytics modules

  • angie-module-http-geoip2 — MaxMind GeoIP2 HTTP lookup (source)
  • angie-module-stream-geoip2 — MaxMind GeoIP2 stream lookup
  • angie-module-http-vhost-traffic-status — Per-vhost traffic statistics (source)
  • angie-module-http-user-agent — Match browsers and crawlers (source)
  • angie-module-ipscrub — IP anonymizer for GDPR-compliant logging (source)

Access control & rate limiting modules

  • angie-module-http-access-plus — Limit access by HTTP method and address (source)
  • angie-module-http-dynamic-limit-req — Dynamically lock/release IPs (source)
  • angie-module-http-sysguard — Protect against high load and memory pressure (source)

Cache management modules

  • angie-module-http-cache-purge — Purge proxy/fastcgi cache entries (source)
  • angie-module-http-srcache-filter — Transparent subrequest-based caching (source)
  • angie-module-http-pagespeed — Google PageSpeed — optimize assets on the fly

Lua scripting modules

  • angie-module-http-lua — Embed Lua into request processing, OpenResty (source)
  • angie-module-stream-lua — Lua for TCP/UDP stream blocks (source)
  • angie-module-http-ndk — Nginx Development Kit, required by Lua modules (source)
  • angie-module-http-set-misc — set_md5, set_sha1, set_quote_json and more (source)
  • angie-module-http-echo — Shell-style echo/sleep/subrequest directives (source)
  • angie-module-http-eval — Evaluate upstream response into a variable (source)
  • angie-module-http-redis2 — Redis 2.0 protocol upstream (source)
  • angie-module-http-xss-filter — Native cross-site AJAX support (source)

Headers & response manipulation modules

  • angie-module-http-headers-more-filter — Set/clear any request or response header (source)
  • angie-module-http-subs-filter — Regex substitution in response body (source)
  • angie-module-http-trim-filter — Strip whitespace and HTML comments
  • angie-module-http-length-hiding-filter — Pad responses to obscure content length (source)
  • angie-module-http-immutable — Immutable Cache-Control for static assets (source)
  • angie-module-http-dynamic-etag — ETags for dynamic content (source)
  • angie-module-http-hmac-secure-link — HMAC-signed secure download links (source)

Static serving & WebDAV modules

  • angie-module-http-fancyindex — Styled directory listings (source)
  • angie-module-http-concat — Concatenate CSS/JS files in one request (source)
  • angie-module-http-dav-ext — Full WebDAV: PROPFIND, OPTIONS, LOCK (source)
  • angie-module-http-uploadprogress — Track upload progress (source)

Streaming & real-time modules

  • angie-module-http-flv-live — HTTP-FLV live streaming with GOP cache (source)
  • angie-module-rtmp — RTMP streaming (source)
  • angie-module-nchan — Pub/sub for HTTP, SSE, WebSockets (source)
  • angie-module-http-doh — DNS-over-HTTPS endpoint (source)
  • angie-module-http-early-hints — HTTP 103 Early Hints (source)

Built-in modules (no separate package needed)

  • angie-module-http-geoip — Legacy MaxMind GeoIP v1
  • angie-module-http-image-filter — On-the-fly image resizing/cropping
  • angie-module-http-perl — Perl scripting
  • angie-module-http-xslt-filter — XSLT transformations
  • angie-module-mail — Mail proxy (SMTP, IMAP, POP3)
  • angie-module-stream — TCP/UDP load balancing

Patches (4 total)

  • zlib-ng-1.11.patch — Integrates zlib-ng in native mode so Angie uses SIMD-accelerated gzip/deflate instead of standard zlib
  • openssl-nginx-kTLS-support.patch — Enables kernel TLS offload with OpenSSL-NGINX for dramatic SSL/TLS performance gains
  • myguard-branding.patch — Adds myguard identifier in startup logs and removes version information from HTTP headers
  • optimize-tls-latency.patch — Implements adaptive TLS record sizing: small records for low latency on new connections, large records for high throughput on warm connections

Build optimizations (2026)

  • Linked against OpenSSL-NGINX — dedicated OpenSSL 3.5 built for webservers: kTLS offload, ec_nistp_64_gcc_128, RDRAND hardware entropy, no legacy ciphers or bloat
  • TLS 1.3 + kTLS kernel TLS offload (ssl_conf_command Options KTLS;)
  • HTTP/3 QUIC support enabled
  • Compiled with -Ofast -flto=auto for maximum performance
  • Linked against zlib-ng in native mode (SIMD-accelerated compression)
  • jemalloc, TCP Fast Open, AIO threading support

Not included in our Angie build (and why)

Angie differs from our NGINX stack on these points:

  • Certbot/ACME patches not needed — Angie includes native ACME/Let’s Encrypt support natively in the core. No external patches required. Use acme { ... } directives directly in nginx.conf.
  • Fewer Debian compatibility patches — NGINX requires multiple Debian patches (pidfile race condition fixes, symbol signature patches for ABI stability). Angie has these issues fixed upstream since it’s actively maintained by the original NGINX developers.
  • No proxy-connect patch needed — NGINX requires ngx_http_proxy_connect_module to support HTTP CONNECT tunneling. Angie already implements native CONNECT method support in the core, making the patch incompatible and unnecessary.

Supported distributions

  • Debian Trixie (13), Bookworm (12), Bullseye (11)
  • Ubuntu Resolute (26.04), Noble (24.04), Jammy (22.04)

Docker

Daily-rebuilt images on Docker Hub (eilandert). See the Docker page.

Report issues

Open an issue at github.com/eilandert/deb.myguard.nl.