Current version: 1.29.8 (last built: 2026-05-04)
The myguard NGINX package tracks the latest mainline release, compiled with aggressive performance optimizations and an extensive set of dynamic modules — all available as libnginx-mod-* packages via APT. See the How to use page to add the repository.
Build log: nginx-build.log — Docker images: Docker page
Build features
- Latest NGINX mainline — updated automatically on each upstream release
- Linked against OpenSSL+quic for full TLS 1.3 and HTTP/3 QUIC support
- Linked against openssl-nginx — dedicated OpenSSL 3.5 built for webservers: kTLS offload, ec_nistp_64_gcc_128, RDRAND hardware entropy, no legacy ciphers or bloat
- Compiled with
-O3 -flto for maximum throughput
- Linked against zlib-ng (native mode) for faster gzip/deflate
- kTLS support — enable with
modprobe tls and ssl_conf_command Options KTLS;
- TCP Fast Open — enable with
sysctl -w net.ipv4.tcp_fastopen=3
- AIO and threading support (better performance for ZFS and high-concurrency workloads)
- Cloudflare dynamic TLS records patch for reduced TLS latency
- OpenSSL+quic patched for yielding operations in
ssl_session_fetch_by_lua* and ssl_certificate_by_lua*
- Optimized nginx.conf with security snippets and bot-blocking examples in
snippets/
- No Debian/Ubuntu branding in the server signature
- A+ on SSL Labs with default SSL directives
Security modules
- libnginx-mod-http-modsecurity — ModSecurity v3 WAF connector
- libnginx-mod-http-naxsi — NAXSI open-source WAF
- libnginx-mod-http-waf — ngx_waf high-performance firewall
- libnginx-mod-http-auth-ldap — LDAP authentication
- libnginx-mod-http-auth-pam — PAM authentication
- libnginx-mod-http-auth-spnego — Kerberos/SPNEGO authentication
- libnginx-mod-http-testcookie-access — cookie-based bot mitigation
- libnginx-mod-http-js-challenge — JavaScript proof-of-work anti-DDoS
- libnginx-mod-http-captcha — CAPTCHA challenge module
- libnginx-mod-http-security-headers — automatic security headers
- libnginx-mod-http-ipset-blacklist — netfilter ipset black/whitelist
- libnginx-mod-http-ssl-ct — Certificate Transparency
- libnginx-mod-http-encrypted-session — encrypt/decrypt nginx variables
- libnginx-mod-ipscrub — IP anonymizer for GDPR-compliant logging
Compression modules
- libnginx-mod-http-brotli — Brotli compression (filter + static precompressed)
- libnginx-mod-http-zstd — Zstandard compression
Geo and traffic modules
- libnginx-mod-http-geoip2 — MaxMind GeoIP2 HTTP lookup
- libnginx-mod-stream-geoip2 — MaxMind GeoIP2 stream lookup
- libnginx-mod-http-vhost-traffic-status — per-vhost traffic statistics
- libnginx-mod-http-user-agent — match browsers and crawlers
- libnginx-mod-http-access-plus — limit access by HTTP method and address
Rate limiting and load control
- libnginx-mod-http-dynamic-limit-req — dynamically lock/release IPs
- libnginx-mod-http-sysguard — protect against high load and memory pressure
- libnginx-mod-http-cache-purge — purge proxy/fastcgi cache entries
- libnginx-mod-http-uploadprogress — track upload progress
Lua and scripting modules
- libnginx-mod-http-lua — embed Lua into request processing (OpenResty)
- libnginx-mod-stream-lua — Lua for TCP/UDP stream blocks
- libnginx-mod-http-lua-ssl — enhanced SSL/TLS capabilities for Lua
- libnginx-mod-http-ndk — Nginx Development Kit, required by Lua modules
- libnginx-mod-http-set-misc — set_md5, set_sha1, set_quote_json and more
- libnginx-mod-http-echo — shell-style echo/sleep/subrequest directives
- libnginx-mod-http-eval — evaluate upstream response into a variable
- libnginx-mod-http-redis2 — Redis 2.0 protocol upstream
- libnginx-mod-http-srcache-filter — transparent subrequest-based caching
- libnginx-mod-http-xss — native cross-site AJAX support
- libnginx-mod-http-njs — JavaScript subset for extending NGINX
- libnginx-mod-stream-njs — njs for stream blocks
Headers and response manipulation
- libnginx-mod-http-headers-more-filter — set/clear any request or response header
- libnginx-mod-http-subs-filter — regex substitution in response body
- libnginx-mod-http-trim-filter — strip whitespace and HTML comments
- libnginx-mod-http-dynamic-etag — ETags for dynamic content
- libnginx-mod-http-hmac-secure-link — HMAC-signed secure download links
Caching and static serving
- libnginx-mod-pagespeed — Google PageSpeed — optimize assets on the fly
- libnginx-mod-http-fancyindex — styled directory listings
- libnginx-mod-http-concat — concatenate CSS/JS in one request
- libnginx-mod-http-dav-ext — full WebDAV: PROPFIND, OPTIONS, LOCK
Streaming and pub/sub
- libnginx-mod-http-flv-live — HTTP-FLV live streaming with GOP cache
- libnginx-mod-rtmp — RTMP streaming
- libnginx-mod-nchan — pub/sub for HTTP, SSE, WebSockets
- libnginx-mod-http-doh — DNS-over-HTTPS endpoint
- libnginx-mod-http-early-hints — HTTP 103 Early Hints
Built-in modules (no extra package)
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
-O3 -flto for maximum throughputmodprobe tls and ssl_conf_command Options KTLS;sysctl -w net.ipv4.tcp_fastopen=3ssl_session_fetch_by_lua* and ssl_certificate_by_lua*snippets/- libnginx-mod-http-modsecurity — ModSecurity v3 WAF connector
- libnginx-mod-http-naxsi — NAXSI open-source WAF
- libnginx-mod-http-waf — ngx_waf high-performance firewall
- libnginx-mod-http-auth-ldap — LDAP authentication
- libnginx-mod-http-auth-pam — PAM authentication
- libnginx-mod-http-auth-spnego — Kerberos/SPNEGO authentication
- libnginx-mod-http-testcookie-access — cookie-based bot mitigation
- libnginx-mod-http-js-challenge — JavaScript proof-of-work anti-DDoS
- libnginx-mod-http-captcha — CAPTCHA challenge module
- libnginx-mod-http-security-headers — automatic security headers
- libnginx-mod-http-ipset-blacklist — netfilter ipset black/whitelist
- libnginx-mod-http-ssl-ct — Certificate Transparency
- libnginx-mod-http-encrypted-session — encrypt/decrypt nginx variables
- libnginx-mod-ipscrub — IP anonymizer for GDPR-compliant logging
Compression modules
- libnginx-mod-http-brotli — Brotli compression (filter + static precompressed)
- libnginx-mod-http-zstd — Zstandard compression
Geo and traffic modules
- libnginx-mod-http-geoip2 — MaxMind GeoIP2 HTTP lookup
- libnginx-mod-stream-geoip2 — MaxMind GeoIP2 stream lookup
- libnginx-mod-http-vhost-traffic-status — per-vhost traffic statistics
- libnginx-mod-http-user-agent — match browsers and crawlers
- libnginx-mod-http-access-plus — limit access by HTTP method and address
Rate limiting and load control
- libnginx-mod-http-dynamic-limit-req — dynamically lock/release IPs
- libnginx-mod-http-sysguard — protect against high load and memory pressure
- libnginx-mod-http-cache-purge — purge proxy/fastcgi cache entries
- libnginx-mod-http-uploadprogress — track upload progress
Lua and scripting modules
- libnginx-mod-http-lua — embed Lua into request processing (OpenResty)
- libnginx-mod-stream-lua — Lua for TCP/UDP stream blocks
- libnginx-mod-http-lua-ssl — enhanced SSL/TLS capabilities for Lua
- libnginx-mod-http-ndk — Nginx Development Kit, required by Lua modules
- libnginx-mod-http-set-misc — set_md5, set_sha1, set_quote_json and more
- libnginx-mod-http-echo — shell-style echo/sleep/subrequest directives
- libnginx-mod-http-eval — evaluate upstream response into a variable
- libnginx-mod-http-redis2 — Redis 2.0 protocol upstream
- libnginx-mod-http-srcache-filter — transparent subrequest-based caching
- libnginx-mod-http-xss — native cross-site AJAX support
- libnginx-mod-http-njs — JavaScript subset for extending NGINX
- libnginx-mod-stream-njs — njs for stream blocks
Headers and response manipulation
- libnginx-mod-http-headers-more-filter — set/clear any request or response header
- libnginx-mod-http-subs-filter — regex substitution in response body
- libnginx-mod-http-trim-filter — strip whitespace and HTML comments
- libnginx-mod-http-dynamic-etag — ETags for dynamic content
- libnginx-mod-http-hmac-secure-link — HMAC-signed secure download links
Caching and static serving
- libnginx-mod-pagespeed — Google PageSpeed — optimize assets on the fly
- libnginx-mod-http-fancyindex — styled directory listings
- libnginx-mod-http-concat — concatenate CSS/JS in one request
- libnginx-mod-http-dav-ext — full WebDAV: PROPFIND, OPTIONS, LOCK
Streaming and pub/sub
- libnginx-mod-http-flv-live — HTTP-FLV live streaming with GOP cache
- libnginx-mod-rtmp — RTMP streaming
- libnginx-mod-nchan — pub/sub for HTTP, SSE, WebSockets
- libnginx-mod-http-doh — DNS-over-HTTPS endpoint
- libnginx-mod-http-early-hints — HTTP 103 Early Hints
Built-in modules (no extra package)
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
- libnginx-mod-http-geoip2 — MaxMind GeoIP2 HTTP lookup
- libnginx-mod-stream-geoip2 — MaxMind GeoIP2 stream lookup
- libnginx-mod-http-vhost-traffic-status — per-vhost traffic statistics
- libnginx-mod-http-user-agent — match browsers and crawlers
- libnginx-mod-http-access-plus — limit access by HTTP method and address
Rate limiting and load control
- libnginx-mod-http-dynamic-limit-req — dynamically lock/release IPs
- libnginx-mod-http-sysguard — protect against high load and memory pressure
- libnginx-mod-http-cache-purge — purge proxy/fastcgi cache entries
- libnginx-mod-http-uploadprogress — track upload progress
Lua and scripting modules
- libnginx-mod-http-lua — embed Lua into request processing (OpenResty)
- libnginx-mod-stream-lua — Lua for TCP/UDP stream blocks
- libnginx-mod-http-lua-ssl — enhanced SSL/TLS capabilities for Lua
- libnginx-mod-http-ndk — Nginx Development Kit, required by Lua modules
- libnginx-mod-http-set-misc — set_md5, set_sha1, set_quote_json and more
- libnginx-mod-http-echo — shell-style echo/sleep/subrequest directives
- libnginx-mod-http-eval — evaluate upstream response into a variable
- libnginx-mod-http-redis2 — Redis 2.0 protocol upstream
- libnginx-mod-http-srcache-filter — transparent subrequest-based caching
- libnginx-mod-http-xss — native cross-site AJAX support
- libnginx-mod-http-njs — JavaScript subset for extending NGINX
- libnginx-mod-stream-njs — njs for stream blocks
Headers and response manipulation
- libnginx-mod-http-headers-more-filter — set/clear any request or response header
- libnginx-mod-http-subs-filter — regex substitution in response body
- libnginx-mod-http-trim-filter — strip whitespace and HTML comments
- libnginx-mod-http-dynamic-etag — ETags for dynamic content
- libnginx-mod-http-hmac-secure-link — HMAC-signed secure download links
Caching and static serving
- libnginx-mod-pagespeed — Google PageSpeed — optimize assets on the fly
- libnginx-mod-http-fancyindex — styled directory listings
- libnginx-mod-http-concat — concatenate CSS/JS in one request
- libnginx-mod-http-dav-ext — full WebDAV: PROPFIND, OPTIONS, LOCK
Streaming and pub/sub
- libnginx-mod-http-flv-live — HTTP-FLV live streaming with GOP cache
- libnginx-mod-rtmp — RTMP streaming
- libnginx-mod-nchan — pub/sub for HTTP, SSE, WebSockets
- libnginx-mod-http-doh — DNS-over-HTTPS endpoint
- libnginx-mod-http-early-hints — HTTP 103 Early Hints
Built-in modules (no extra package)
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
- libnginx-mod-http-lua — embed Lua into request processing (OpenResty)
- libnginx-mod-stream-lua — Lua for TCP/UDP stream blocks
- libnginx-mod-http-lua-ssl — enhanced SSL/TLS capabilities for Lua
- libnginx-mod-http-ndk — Nginx Development Kit, required by Lua modules
- libnginx-mod-http-set-misc — set_md5, set_sha1, set_quote_json and more
- libnginx-mod-http-echo — shell-style echo/sleep/subrequest directives
- libnginx-mod-http-eval — evaluate upstream response into a variable
- libnginx-mod-http-redis2 — Redis 2.0 protocol upstream
- libnginx-mod-http-srcache-filter — transparent subrequest-based caching
- libnginx-mod-http-xss — native cross-site AJAX support
- libnginx-mod-http-njs — JavaScript subset for extending NGINX
- libnginx-mod-stream-njs — njs for stream blocks
Headers and response manipulation
- libnginx-mod-http-headers-more-filter — set/clear any request or response header
- libnginx-mod-http-subs-filter — regex substitution in response body
- libnginx-mod-http-trim-filter — strip whitespace and HTML comments
- libnginx-mod-http-dynamic-etag — ETags for dynamic content
- libnginx-mod-http-hmac-secure-link — HMAC-signed secure download links
Caching and static serving
- libnginx-mod-pagespeed — Google PageSpeed — optimize assets on the fly
- libnginx-mod-http-fancyindex — styled directory listings
- libnginx-mod-http-concat — concatenate CSS/JS in one request
- libnginx-mod-http-dav-ext — full WebDAV: PROPFIND, OPTIONS, LOCK
Streaming and pub/sub
- libnginx-mod-http-flv-live — HTTP-FLV live streaming with GOP cache
- libnginx-mod-rtmp — RTMP streaming
- libnginx-mod-nchan — pub/sub for HTTP, SSE, WebSockets
- libnginx-mod-http-doh — DNS-over-HTTPS endpoint
- libnginx-mod-http-early-hints — HTTP 103 Early Hints
Built-in modules (no extra package)
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
- libnginx-mod-pagespeed — Google PageSpeed — optimize assets on the fly
- libnginx-mod-http-fancyindex — styled directory listings
- libnginx-mod-http-concat — concatenate CSS/JS in one request
- libnginx-mod-http-dav-ext — full WebDAV: PROPFIND, OPTIONS, LOCK
Streaming and pub/sub
- libnginx-mod-http-flv-live — HTTP-FLV live streaming with GOP cache
- libnginx-mod-rtmp — RTMP streaming
- libnginx-mod-nchan — pub/sub for HTTP, SSE, WebSockets
- libnginx-mod-http-doh — DNS-over-HTTPS endpoint
- libnginx-mod-http-early-hints — HTTP 103 Early Hints
Built-in modules (no extra package)
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
- libnginx-mod-http-geoip — legacy MaxMind GeoIP v1
- libnginx-mod-http-image-filter — on-the-fly image resizing/cropping
- libnginx-mod-http-perl — Perl scripting
- libnginx-mod-http-xslt-filter — XSLT transformations
- libnginx-mod-mail — mail proxy (SMTP, IMAP, POP3)
- libnginx-mod-stream — TCP/UDP load balancing
- libnginx-mod-stream-geoip — legacy GeoIP v1 for stream
Standalone libraries
- libmodsecurity3 — ModSecurity v3 library
- modsecurity-crs — OWASP ModSecurity Core Rule Set
- libjemalloc2 — jemalloc allocator, built specifically for NGINX
- libz-ng2 — next-generation zlib (native mode)
- lua-resty — bundle of most-used Lua modules for libnginx-mod-http-lua
Custom scripts included
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
- reorder-modules.sh — set module load order, including Docker support
- cloudflare.sh — fetch Cloudflare IP ranges for use with
CF-Connecting-IP
Patches applied
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibility
Post-Quantum Cryptography (PQC) ready
dynamic_tls_records.patch — Cloudflare TLS latency optimizationssl_cert_cb_yield.patch — OpenResty yielding operations in SSL callbackszlib-ng.patch — zlib-ng native mode compatibilityNGINX from this repository is compiled against openssl-nginx 3.5, which ships ML-KEM (FIPS 203) as a stable algorithm. Add one directive to enable hybrid post-quantum key exchange for Chrome, Firefox, and Edge today:
ssl_ecdh_curve X25519MLKEM768:x25519:secp256r1:secp384r1;Clients that support X25519MLKEM768 negotiate a hybrid X25519 + ML-KEM-768 handshake automatically. Clients that do not support it fall back to classical groups unchanged. See the Post-Quantum TLS configuration guide for the full setup, verification steps, and FAQ.
Report issues
Open an issue at github.com/eilandert/deb.myguard.nl.