// Packages

Packages

deb.myguard.nl is a free, community-driven APT repository providing optimized and security-focused packages for Debian and Ubuntu production servers. Every package is compiled with the right flags, linked against the right libraries, and updated within hours of upstream releases, no waiting for Debian stable freezes.

Why choose these packages?

  • Performance-first builds: Compiled with the right optimization flags and linked against updated libraries like jemalloc where it makes a real difference.
  • Latest upstream versions: NGINX mainline, current Dovecot, fresh Rspamd: no backport delays.
  • HTTP/3 ready: NGINX and Angie linked against openssl-nginx with full QUIC support.
  • Security defaults: ModSecurity WAF, php-snuffleupagus, and modern TLS configurations included.
  • Multi-distro: Debian 12 (Bookworm), Debian 13 (Trixie), Ubuntu 22.04/24.04/26.04.
  • GPG-signed: Every package signed and delivered via modern signed-by APT configuration.

To add this repository to your server, see the setup guide, it takes under two minutes.

Web servers & proxies

The web server packages are the flagship of this repository. NGINX and Angie are compiled with 50+ dynamic modules, HTTP/3 QUIC support, and performance optimizations not available in the official Debian or Ubuntu packages. Load only the modules you need, no recompilation required.

  • nginx: Mainline NGINX with HTTP/3, QUIC, Brotli, ModSecurity, GeoIP2, Lua, NJS and 50+ dynamic modules. See the full module list.
  • angie: Drop-in NGINX replacement by the original NGINX authors. Native ACME/Let’s Encrypt without Certbot, JSON status API, HTTP/3. See Angie modules.
  • apache2: Latest Apache HTTP Server compiled with OpenSSL 3 and performance optimizations.

Mail & communication

A complete mail server stack, all packages built to work together and updated alongside each other. Postfix, Dovecot, and Rspamd form the standard production combination.

  • postfix: High-performance mail transport agent with modern TLS and SRS support.
  • dovecot: Secure IMAP/POP3 server with Sieve plugin included.
  • rspamd: Fast spam filtering for Postfix and Dovecot deployments.
  • rspamd-git: Daily git master build of Rspamd for bleeding-edge deployments.
  • unbound: Validating DNS resolver with DNS-over-HTTPS support.

Security & protection

Security packages range from the ModSecurity WAF (for blocking attacks at the web server level) to php-snuffleupagus (for hardening PHP-FPM from the inside). These are the packages that turn a standard server into a hardened one.

  • libmodsecurity3: ModSecurity v3 WAF library with OWASP Core Rule Set support.
  • modsecurity-crs: OWASP ModSecurity Core Rule Set for NGINX and Apache.
  • php-snuffleupagus: PHP security module that blocks SQL injection, XSS, and dangerous functions inside PHP-FPM.
  • openssh: Latest OpenSSH server and client, built with FIDO2/U2F hardware-key support via libfido2.
  • libfido2: FIDO2 library for hardware key support (YubiKey) in OpenSSH and other tools.
  • clamav: Anti-virus for Unix mail gateways and file servers.

OpenSSL & cryptography

A dedicated OpenSSL build for the web server stack: openssl-nginx is compiled specifically for NGINX and Angie with QUIC patches and kTLS support baked in.

  • openssl-nginx: Dedicated OpenSSL build for NGINX and Angie. Includes QUIC patches, kTLS, and is kept in sync with NGINX mainline releases.

Compression & performance libraries

These libraries are what the NGINX and Angie builds link against to deliver Brotli and Zstd compression out of the box.

  • libbrotli: Google Brotli compression library. Required for the NGINX Brotli module.
  • libzstd: Facebook Zstd compression. Faster than gzip at equivalent ratios.
  • zlib-ng: Drop-in zlib replacement with SIMD optimizations. NGINX links against this instead of system zlib.

Memory allocators

Better memory allocators reduce fragmentation and improve throughput under sustained load, particularly relevant for long-running NGINX worker processes.

  • jemalloc: High-performance allocator with arena-based design. Used by Firefox, Redis, and FreeBSD.
  • mimalloc: Microsoft’s compact general-purpose allocator with excellent multi-threaded performance.

Lua & scripting

The full OpenResty Lua stack, packaged for use with the NGINX and Angie Lua modules without needing to compile anything. See the Lua modules page for the complete list of lua-resty-* packages.

  • luajit2: OpenResty’s LuaJIT 2 with extra patches. The JIT engine behind NGINX Lua scripting.
  • lua-cjson: Fast JSON encoder/decoder for Lua.
  • lua-resty-*: All OpenResty lua-resty modules: Redis, MySQL, HTTP, JWT, OpenID Connect, WebSocket and more.

Database & caching

  • valkey: The BSD-licensed, Linux Foundation-backed Redis fork. Our build adds LTO, FORTIFY_SOURCE=3, a hardened systemd sandbox, an AppArmor profile, a conf.d drop-in directory, and a built-in valkey-healthcheck binary. Read why it replaced Redis.
  • redis / redis7: Legacy Redis releases for compatibility with existing deployments. New installs should prefer valkey.
  • libhiredis: Minimalistic C client library for Redis protocol.

Build & development tools

  • ccache: Compiler cache for fast C/C++ recompilation. Speeds up repeated NGINX module builds significantly.
  • rust: Rust systems programming language toolchain.
  • git: Latest Git version control system.

All packages are GPG-signed and available for Debian 12 (Bookworm), Debian 13 (Trixie), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), and Ubuntu 26.04 (Resolute). → Add the repository