For a full list of modules, see below.
There is a changelog in the support forum
A build log can be found here
Dockers can be found here
Features:
- Latest Mainline in a debian/ubuntu package.
- Removed debian/ubuntu branding in server signature.
- Optimized nginx.conf
- Added additional bots/security/hardening/proxy examples in snippets/
- Linked all builds against latest OpenSSL+quic so there is full TLS1.3 and HTTP3/QUIC support
- Added Optimizing TLS over TCP to reduce latency (Cloudflare patch)
- Added recommended SSL directives, should give A+ on SSLLABS
- kTLS is available, use “modprobe tls” and add “ssl_conf_command Options KTLS;” to the http{ } block
- Build with AIO and threading support (better performance for eg ZFS)
- Linked against zlib-ng for faster/better data compression (native mode)
- Compiled with -O3 and -flto to squeeze some extra % performance.
- Compiled with TFO (TCP Fast Open), use sysctl -w net.ipv4.tcp_fastopen=3 to enable)
- Pagespeed: Seperately build PSOL (Page Speed Optimalisation Library) per distro
- Docker image is on the docker hub (daily rebuilds)
- The modsecurity core ruleset (crs, from git) is repackaged on each nginx version update.
- Couple of lua modules, also repackaged on each nginx version update
- Patched NGINX and OpenSSL in order to support yielding operations in ssl_session_fetch_by_lua* and ssl_certificate_by_lua*
Extra NGINX modules build from git (dynamic)
- libnginx-mod-http-access-plus – allows limiting access to certain http request methods and client addresses.
- libnginx-mod-http-auth-ldap – LDAP authentication module for nginx
- libnginx-mod-http-auth-spnego – This module implements SPNEGO support
- libnginx-mod-http-auth-pam – PAM authentication module
- libnginx-mod-http-brotli – nginx module for Brotli compression
- libnginx-mod-http-cache-purge – Purge content from nginx caches
- libnginx-mod-http-captcha – nginx module for generate captcha and validate captcha code
- libnginx-mod-http-concat – A module for concatenating files in a given context: CSS and JS files usually
- libnginx-mod-http-dav-ext – WebDAV missing commands support
- libnginx-mod-http-doh – Simple nginx module for serving dns-over-https (DOH) requests.
- libnginx-mod-http-dynamic-etag – NGINX module for adding ETag to dynamic content
- libnginx-mod-http-dynamic-limit-req – Used to dynamically lock IP and release it periodically.
- libnginx-mod-http-early-hints – This is an experimental nginx module that sending 103 early hints.
- libnginx-mod-http-echo – Bring echo and more shell style goodies to Nginx
- libnginx-mod-http-encrypted-session – encrypt and decrypt nginx variable values
- libnginx-mod-http-eval – A module for evaluating memcached or proxy response into variable
- libnginx-mod-http-fancyindex – Fancy indexes module
- libnginx-mod-http-flv-live – same as RTMP but with HTTP-FLV, GOP cache, VHost and JSON stats
- libnginx-mod-http-geoip2 – GeoIP2 http module
- libnginx-mod-http-hmac-secure-link – HMAC Secure Link module
- libnginx-mod-http-headers-more-filter Set and clear input and output headers
- libnginx-mod-http-ipset-blacklist – for using netfilter ipsets as a black/white list
- libnginx-mod-http-js-challenge – Simple javascript proof-of-work based access (Similar to Cloudflare’s anti-DDoS feature)
- libnginx-mod-http-lua – Embed the power of Lua into nginx servers (openresty)
- libnginx-mod-http-lua-ssl – extends the lua module w enhanced SSL/TLS capabilities
- libnginx-mod-http-modsecurity – connector for libmodsecurity3
- libnginx-mod-http-naxsi – naxsi is an open-source web application firewall
- libnginx-mod-http-ndk -Development Kit module
- libnginx-mod-http-njs – subset of the JavaScript language that allows extending nginx functionality
- libnginx-mod-http-redis2 – upstream module for the Redis 2.0 protocol
- libnginx-mod-http-security-headers – module for sending security headers
- libnginx-mod-http-set-misc – Various set_xxx directives added to nginx’s rewrite module (md5/sha1, sql/json quoting, and many more)
- libnginx-mod-http-srcache-filter – Transparent subrequest-based caching layout for arbitrary nginx locations
- libnginx-mod-http-ssl-ct – Certificate Transparency module
- libnginx-mod-http-subs-filter – Substitution filter module
- libnginx-mod-http-sysguard – Protect nginx against high sysload, memory or slow requests.
- libnginx-mod-http-testcookie-access – simple robot mitigation module using cookie based challenge/response technique.
- libnginx-mod-http-trim-filter – Modifies html by removing unnecessary whitespaces and comments
- libnginx-mod-http-uploadprogress – Upload progress system for Nginx
- libnginx-mod-http-upstream-fair Nginx Upstream Fair Proxy Load Balancer
- libnginx-mod-http-user-agent – A module to match browsers and crawlers
- libnginx-mod-http-vhost-traffic-status – Provides access to virtual host status information
- libnginx-mod-http-waf – Handy, High performance Nginx firewall module. (ngx_waf)
- libnginx-mod-http-xss – Native support for cross-site scripting (XSS)
- libnginx-mod-http-zstd – adds Zstandard (zstd) compression.
- libnginx-mod-ipscrub – IP address anonymizer module for nginx
- libnginx-mod-mail-ssl-ct – Certificate Transparency module
- libnginx-mod-nchan – Fast, flexible pub/sub server
- libnginx-mod-pagespeed – ngx_pagespeed optimizes your site on the fly, with caching
- libnginx-mod-rtmp – RTMP support (alternative: libnginx-mod-http-flv-live)
- libnginx-mod-ssl-ct – Certificate Transparency module
- libnginx-mod-stream-geoip2 – GeoIP2 Stream module
- libnginx-mod-stream-lua Embed the power of Lua into nginx servers (openresty)
- libnginx-mod-stream-njs – subset of the JS language that allows extending nginx functionality
- libnginx-mod-stream-ssl-ct – Certificate Transparency module for nginx.
Including dynamic nginx modules in the original code base:
- libnginx-mod-http-geoip – GeoIP Stream module
- libnginx-mod-http-image-filter – HTTP image filter module
- libnginx-mod-http-perl – Perl module for Nginx
- libnginx-mod-http-xslt-filter – XSLT Transformation module
- libnginx-mod-mail – Mail module
- libnginx-mod-stream – Stream module
- libnginx-mod-stream-geoip – GeoIP Stream module
Standalone Libraries provided:
- libmodsecurity3 – v3 library component for use with the NGINX connector
- modsecurity-crs – OWASP ModSecurity Core Rule Set
- libjemalloc2 – You need the one on my repo, it’s build for NGINX
- libz-ng2 – zlib data compression library for the next generation systems (native mode)
- lua-resty – A bundle of most used lua modules for libnginx-mod-http-lua
- lua-resty-core – New FFI-based Lua API for ngx_http_lua_module and/or ngx_stream_lua_module (openresty)
- lua-resty-lrucache -Lua-land LRU cache based on the LuaJIT FFI. (openresty)
Custom scripts:
- reorder-modules.sh – priotize certain nginx modules in the right order, including docker support
- cloudflare.sh – Get the Cloudflare IP’s for include in vhost with CF-Connecting-IP
Patches:
- 0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch (debian)
- nginx-fix-pidfile.patch (debian)
- nginx__1.19.4_dynamic_tls_records.patch (cloudflare)
nginx_hpack_push_1.25.0.patch (cloudflare)- nginx-1.21.4-ssl_cert_cb_yield.patch (openresty)
- zlib-ng.patch (zlibng)