Tag: debian

Your mailbox table deserves better than raw SQL at 02:00. ViMbAdmin — modernised for PHP 8.5 — manages Postfix + Dovecot virtual domains, mailboxes and aliases via web UI or JSON-RPC API, with TOTP, brute-force protection and a hardened Docker image.

Five tools — eatmydata, mold, ccache, distcc, tmpfs — turn a 14-minute build into 90 seconds. Same compiler, same hardware. Any build system: make, cmake, autotools, ninja, Debian packaging. Here is how to wire them in, what each one breaks, and the order to enable them in.

The deb.myguard.nl APT repository now publishes clean per-distribution and per-package trees under /apt/. Here is why we split the old mixed pool, how the new layout works, and how to add exactly the packages you want.

In May 1998, Wietse Venema released the first public alpha of a mailer he’d been writing inside IBM Research and originally called…

The myguard OpenSSH 10.3 package rebuilds sshd for production servers: post-quantum key exchange, AEAD-only ciphers, an AppArmor profile, a fail2ban jail, monthly moduli regeneration, three switchable sshd flavours (default / gssapi / minimal), and compiler hardening beyond Debian’s default. Includes a 2026 SSH key-generation walkthrough and a stack of server-hardening tips.

Rspamd is the modern spam filter that runs Bayesian classifiers, neural networks, greylisting, DNS blacklists, Pyzor, Razor, OLEFY and DCC — all at once. Here is what rspamd does, how spam evolved, and why it crushes the inbox war.

Valkey is the BSD-licensed, Linux Foundation-backed fork of Redis — and as of 2026 it has overtaken Redis itself. Here is what Valkey is, why it exists, and why our hardened deb.myguard.nl build is the smartest way to install it on Debian or Ubuntu.

A beginner-friendly, step-by-step guide to installing ModSecurity and the OWASP Core Rule Set on NGINX for Debian and Ubuntu — from zero to a live WAF without taking your site down.

Zstd vs Brotli vs zlib-ng only makes sense once you separate browser encodings from compression engines. This deep dive covers support, CPU trade-offs, static vs dynamic compression, and the NGINX production patterns that actually work.

Angie 1.11.5 fixes five upstream security issues, including HTTP/3, OCSP, rewrite, SCGI/UWSGI, and charset handling hardening. Here is what changed and why it matters.

Brotli achieves 15-26% better compression than gzip on HTML, CSS, and JavaScript. This guide covers installing the NGINX Brotli module, configuring on-the-fly compression, pre-compressing static assets at level 11, and running Brotli alongside gzip.

Debian 13 Trixie brings GCC 14, OpenSSL 3.3, PHP 8.4, systemd 256, and a newer Linux kernel. Here is what each change means for your NGINX and Angie setup, with a complete upgrade checklist.

A friendly, jargon-free walkthrough: install Snuffleupagus from the myguard APT repo, pick the right rulebook for your stack (WordPress, Roundcube, generic PHP, internal agent), wire it into a PHP-FPM pool, and avoid the 5 traps that bite everyone the first time.

A complete Postfix + Dovecot + Rspamd mail server on Debian 12 and 13 — with TLS, DKIM, SPF, DMARC, spam filtering, virtual mailboxes, security hardening, and a 10/10 score on mail-tester.com. No shortcuts.

ModSecurity v3 with the OWASP CRS blocks SQL injection, XSS, shell injection, and scanner traffic at the HTTP layer. This guide covers installation, CRS paranoia levels, WordPress tuning, false positive handling, and performance impact.

NGINX beats Apache at static files and high concurrency; Apache wins on .htaccess flexibility and legacy app compatibility. Benchmark tables for static files, PHP-FPM, TLS handshakes, and memory under load.

HTTP/3 runs on QUIC over UDP, eliminating TCP head-of-line blocking and enabling 0-RTT connection resumption. This guide covers installation, configuration, 0-RTT security, load balancer setup, and performance tuning.

We just upgraded our openssl-nginx package from OpenSSL 3.x to OpenSSL 4.0. This guide explains what openssl-nginx is, what changed in version 4.0, the real pros and cons of upgrading, and how to do it safely on your Debian or Ubuntu server.

Everything about Angie in one place: what it adds over NGINX (native ACME, JSON API, dynamic upstreams, monthly releases), how it performs, how to migrate from NGINX in five minutes, full ACME certificate setup, Prometheus monitoring, and a side-by-side comparison with NGINX Plus.

Your server’s system OpenSSL juggles SSH, apt, Python, and your web server all at once. openssl-nginx says no to that. Here’s the dedicated OpenSSL built exclusively for NGINX and Angie — faster handshakes, post-quantum crypto, kernel TLS offload, zero legacy bloat.