Welcome to the official hub for every place you can find our open-source work, our packaged builds, and the conversations happening around them. If you’ve landed here from a Reddit thread, a GitHub README, a Docker pull command, or just a curious Google search — congratulations, you’re in the right spot. This page is the one-stop directory of everything we publish, host, and tinker with. Bookmark it. Share it with that one friend who always asks “but where do I actually download it?” Yes, this is the answer.
We build and maintain a small empire of nginx modules, Angie packages, Debian/Ubuntu repositories, Docker images, and a WordPress hardening plugin. All of it is free, all of it is open, and all of it is mirrored across the platforms below so you can grab whatever fits your workflow — whether you live in apt, docker pull, or git clone.
Why a single “find us everywhere” page?
Because the internet is messy. Our nginx zstd module lives on GitHub. Our Angie debs live on Launchpad and on our own apt repo. Our Docker images live on Docker Hub. Our WordPress hardening plugin lives in three places at once. Without a hub, you end up Googling “eilandert dockerhub” at 1 a.m. and getting four different answers. This page fixes that. Every official account, every repository, every download URL — verified, current, and linked below.
Ubuntu & Debian packages — Launchpad
Launchpad profile: ~eilander — this is our official Canonical Launchpad account. Launchpad is Ubuntu’s home base for Personal Package Archives (PPAs), bug tracking, and source code hosting. If you run Ubuntu and want our builds straight from apt, this is the trusted upstream.
PPA: ~eilander/ubuntu/nginx — our nginx PPA. It hosts our custom-built nginx packages with extra modules baked in (think zstd compression, security hardening, and other goodies that aren’t in the stock Ubuntu nginx). Add it with sudo add-apt-repository ppa:eilander/nginx and you’re off to the races.
Docker images — Docker Hub
Docker Hub profile: eilandert — our official Docker Hub account. Every container image we publish lives under this namespace. If you see eilandert/something on Docker Hub, it’s us. Anything else with a similar name is not affiliated. All images rebuild daily, so security fixes reach you without you lifting a finger.
Web server images
- eilandert/nginx — NGINX with 101 dynamic modules, HTTP/3 QUIC, ModSecurity, Brotli, Zstd. Tags:
deb-latest,deb-php8.5,deb-php8.4,deb-php8.2,deb-php7.4,deb-php5.6,deb-multi. Drop-in for production, hardened, three-user privilege model. - eilandert/angie — Angie (nginx fork by original core team) with 100 dynamic modules, native ACME/Let’s Encrypt, JSON status API, HTTP/3. Same tags as nginx. 100% nginx-config-compatible — swap the binary, keep your config.
- eilandert/apache-phpfpm — Apache + PHP-FPM for legacy workloads that need it. Built on the same hardened base.
PHP-FPM images
- eilandert/php-fpm — standalone PHP-FPM images for use behind your own proxy. Versions 5.6 through 8.5, Debian and Ubuntu variants. Includes Composer, jemalloc, mimalloc, Snuffleupagus hardening.
- eilandert/docker-cms (also
eilandert/angie-cms) — Angie + PHP 8.5 + the entire CMS toolbox in one container: WP-CLI, Drush, Composer, image-optim, backup tooling, restic, rclone. Mount your site, start hosting. See the full docs.
Mail stack images
- eilandert/postfix — hardened Postfix SMTP, paired with the deb.myguard.nl postfix package. TLS, SRS, modern defaults.
- eilandert/dovecot — hardened Dovecot IMAP/POP3. Post-quantum TLS, Sieve, hardened Docker image.
- eilandert/rspamd — rspamd stable and
-git(daily HEAD build) for bleeding-edge deployments. Pairs with Postfix + Dovecot. - eilandert/roundcube — hardened Roundcube webmail. Runs as nobody, Snuffleupagus PHP hardening, ModSecurity WAF. Full security model documented here.
- eilandert/vimbadmin — ViMbAdmin mail admin panel (PHP 8.5, TOTP, brute-force protection). Full guide here.
Database & cache images
- eilandert/mariadb — MariaDB on the hardened base image.
- eilandert/valkey — Valkey (the BSD-licensed Redis fork) containerised. Read why Valkey replaced Redis.
Infrastructure & utility images
- eilandert/ubuntu-base / eilandert/debian-base — hardened base images with jemalloc, no stray setuid binaries, sane umask. Foundation for all other images.
- eilandert/openssh — hardened OpenSSH server image for jump-host or SFTP-only deployments.
- eilandert/unbound — Unbound recursive DNS resolver with DNS-over-HTTPS, DNSSEC validation.
- eilandert/aptly — Aptly APT repository manager containerised — powers our own deb.myguard.nl repo toolchain.
Source code — GitHub
Build infrastructure
- github.com/eilandert/eilandert — the GitHub profile README: a single index of every project we own, every dead upstream we forked and maintain, and what each one does. Start here if you just want the full map of who we are and what we ship.
- github.com/myguard-labs/dockerized — the umbrella repo that orchestrates our Docker stack. 21 components, 85 build targets, Compose files, helper scripts. If you want to see how we run all this in production, start here.
- github.com/myguard-labs/deb.myguard.nl — the source behind this very Debian/Ubuntu apt repository. Every
.debwe publish — nginx, Angie, openssl, modules — is built from the scripts and patches in this repo. Pull requests welcome. - github.com/eilandert/build_psol — builds the PageSpeed Optimization Library (PSOL) from source, the prerequisite for compiling the ngx_pagespeed module. Shell tooling that automates an otherwise painful build.
- github.com/eilandert/webserver-hardening — hardening patches and config snippets for nginx, Angie and OpenSSL: the security baseline behind the deb.myguard.nl stack.
- github.com/eilandert/patches — a grab-bag of random patches and helper scripts we made or use across the build stack.
- github.com/eilandert/DShield.py — Python script that parses Linux iptables/ipchains firewall logs and Snort alerts into the DShield format and mails them to DShield.org.
NGINX and Angie modules
- github.com/myguard-labs/nginx-zstd-module — our maintained fork of the nginx Zstandard compression module. Patches several upstream bugs, builds cleanly against current nginx and Angie releases. Ships as
nginx-module-http-zstdandangie-module-http-zstd. - github.com/myguard-labs/nginx-error-abuse-module — auto-bans clients that generate too many HTTP errors (fail2ban-style 429 for 403/404/5xx storms), enforced in-process with sliding-window shared-memory counters, optional Redis/Valkey cluster-wide bans. See the full guide.
- github.com/myguard-labs/nginx-cache-turbo-module — page cache that lives inside nginx: no Varnish, no Lua, no second daemon. stale-while-revalidate, L1/L2 tiers, single-flight refresh. Full guide.
- github.com/myguard-labs/nginx-strip-filter-module — dynamic nginx response-body minifier: strips comments and redundant whitespace from HTML, CSS, JavaScript, JSON, SVG and XML while preserving syntax that affects meaning. Full guide.
- github.com/eilandert/http-modsecurity — our ModSecurity v3 nginx connector, kept in sync with libmodsecurity3 releases.
- github.com/eilandert/FreeANGIE — Angie rebuilt on top of FreeNGINX instead of stock nginx — because we can. An experimental build tracking the freenginx fork.
WordPress & CMS projects
- github.com/myguard-labs/wordpress-hardening-plugin (docs) — ModSecurity CRS plugin that adds 40+ rules for WordPress: typed-parameter SQLi blocking, rate limiting, GeoIP, XML-RPC lockdown, user-enumeration prevention. Free, MIT-licensed, runs on this very site. Plugin guide.
- github.com/eilandert/wordpress-rule-exclusions-plugin — companion CRS exclusion set for WordPress: suppresses known false positives from the OWASP Core Rule Set so you can run detection mode without drowning in noise.
- github.com/eilandert/database-boost — WordPress database optimization plugin: cleans, repairs, optimizes and indexes your database with plain-English explanations of every step. Plugin guide.
- github.com/eilandert/wp-redis — WordPress object-cache drop-in backed by Valkey/Redis. Ships with the deb.myguard.nl stack.
Mail stack projects
- github.com/eilandert/vimbadmin — ViMbAdmin modernised for PHP 8.5: Postfix + Dovecot mailbox admin panel with TOTP, brute-force protection, JSON-RPC API. Full guide.
- github.com/eilandert/rspamd-kam-rules — transpiles KAM.cf’s 3,200+ SpamAssassin rules to native Rspamd Lua, eliminating the Perl engine dependency. How it works.
- github.com/myguard-labs/rspamd-dcc-razor-pyzor — Rspamd plugin plus a ~19 MB distroless Go backend (gozer) that scores mail via DCC, Razor and Pyzor from one token-authed Docker endpoint — never blocks the scanner, never writes mail to disk. Full guide.
- github.com/myguard-labs/gozer — the DCC/Razor/Pyzor backend binary itself: links gdcc, gazor and gyzor in-process and answers Rspamd over one authenticated HTTP endpoint, with no per-message subprocess forks.
- github.com/myguard-labs/gyzor — fast, dependency-light Go reimplementation of the Pyzor client (library + CLI), wire-compatible with public.pyzor.org. Powers the rspamd-dcc-razor-pyzor backend in-process.
- github.com/myguard-labs/gazor — fast, zero-dependency Go reimplementation of the Razor2 client (library + CLI), wire-compatible with the Cloudmark catalogue servers. Standard library only.
- github.com/myguard-labs/gdcc — from-scratch, dependency-free Go DCC protocol client (library + CLI), checksums byte-identical to dccproc, no /var/dcc needed.
- github.com/eilandert/rspamd-yarad — YARA malware scanner backend for Rspamd: a tiny distroless, nonroot Go service with libyara statically linked and public rulesets baked in, plus a cache that holds up under serious mail volume. Full guide.
- github.com/myguard-labs/rspamd-olefy — concurrency, timeout, backpressure and optional cache front-end wrapping Heinlein’s olefy (oletools VBA-macro scanning) so it survives a real mail stream. Full guide.
- github.com/eilandert/Botnet.pm — a SpamAssassin plugin module for botnet / zombie-host detection, used in our mail-filtering stack.
- github.com/eilandert/roundcube-elastic4mobile — Roundcube plugin that tunes the Elastic skin for mobile devices. Pairs with the
eilandert/roundcubeimage.
ModSecurity CRS plugins
- github.com/myguard-labs/vaultwarden-crs-plugin (docs) — CRS plugin and exclusion set for Vaultwarden (self-hosted Bitwarden). Lets you run the WAF in front of your password manager without drowning in false positives.
- github.com/eilandert/vimbadmin-crs-plugin (docs) — CRS plugin and exclusion set for ViMbAdmin. Pairs with the vimbadmin Docker image.
Our own apt repository
Beyond Launchpad, we also run our own Debian/Ubuntu repo at deb.myguard.nl — the site you’re reading right now. It hosts the same nginx and Angie builds as the PPA, plus extras that Launchpad’s build farm can’t produce (custom openssl, ngx_brotli, ngx_zstd, ModSecurity, and more). See the full NGINX module list and the Angie module list. Setup instructions are on the homepage; one curl command, one apt update, done.
Community & discussion
The best place to ask questions, report bugs, or suggest features is GitHub Issues on the relevant repo. Every project linked above has an active issue tracker — that’s where the real conversation happens, where bugs get fixed, and where new features are scoped. If you’ve found a bug, open an issue. If you’ve got an idea, open an issue. If you just want to say thanks, a star on the repo means more than you’d think.
Prefer to reach us directly? Use the contact page — for questions, packaging requests, or anything that doesn’t fit a GitHub issue. For security vulnerabilities, email eilander@myguard.nl instead (see below).
For longer-form discussion, nginx and Angie threads on r/nginx and the official nginx forum are where most of the community lives. We lurk and occasionally jump in. If you mention one of our modules or packages there, we’ll usually see it.
How to verify it’s really us
Supply-chain attacks are real, and “is this account legit?” is a fair question to ask about anyone who hands you a binary. Here’s how to verify: all our official accounts are linked from this page, and this page is linked from the footer of deb.myguard.nl (the canonical domain). If you find an account claiming to be us that isn’t on this list, it isn’t us. All Debian packages are signed with our GPG key — fingerprint and import instructions are on the apt repo homepage. All Docker images are published from the same source tree as the deb packages, so you can audit them yourself.
Frequently Asked Questions
Which should I use — the Launchpad PPA or the deb.myguard.nl apt repo?
Both are official. The Launchpad PPA is a good choice if you already trust Canonical’s infrastructure and want a minimal-friction Ubuntu install. The deb.myguard.nl repo gives you more packages and faster updates (Launchpad’s build farm can be slow, and some modules can’t be built there at all). If in doubt, use deb.myguard.nl.
Are the Docker images and the deb packages built from the same source?
Yes. Both come out of the deb.myguard.nl build repo. The Docker images are essentially a thin wrapper around the same .deb packages we publish for Ubuntu and Debian, so behaviour is identical across the two.
Is the WordPress hardening plugin on the official WordPress.org plugin directory?
Not yet — the plugin is currently distributed via GitHub. We’re working through the WordPress.org submission process; until then, install it manually from the GitHub repo. Releases are tagged so you can grab a specific version, or clone and pull for the bleeding edge.
How do I report a security vulnerability?
Don’t open a public GitHub issue for security bugs. Instead, email eilander@myguard.nl with details. We’ll respond, coordinate a fix, and credit you in the release notes if you’d like. Standard responsible-disclosure rules apply.
Can I contribute? What kind of PRs do you accept?
Absolutely — pull requests are very welcome on every repo. Bug fixes, build-system improvements, documentation tweaks, new test cases, new modules to package: all fair game. For larger changes, open an issue first so we can sanity-check the direction before you spend hours coding. We try to review within a few days.
Why so many platforms? Wouldn’t one be enough?
Because different users live in different ecosystems. Sysadmins want apt install. DevOps engineers want docker pull. Developers want git clone. By publishing the same software to Launchpad, Docker Hub, GitHub, and our own apt repo, we meet you where you already are — instead of forcing you to learn a new workflow just to use our packages.
Related reading
- NGINX modules optimized & extended — 101 dynamic modules, HTTP/3, kTLS, ModSecurity, GeoIP2, Brotli, Lua — the full list.
- Angie modules optimized & extended — same module set on the nginx fork with native ACME and JSON status API.
- Angie & NGINX Docker images — daily-rebuilt containers, five-minute docker-compose, three-user privilege model.
- deb.myguard.nl homepage — apt repo setup instructions, GPG key, package list.
- Build the packages yourself — the full source tree behind every .deb we publish.
- WordPress hardening plugin on GitHub — lock down your WordPress install in five minutes.