NGINX Mainline and modules

This is an updated rebuild and backport of the Ubuntu-20.10 Groovy NGINX Package with OpenSSL 1.1.1i

---------------------------------------------------------------------------------
EDIT 6 juni 2020 - I am changing the buildprocess. If you get in trouble, remove the nginx extension with apt, and install it again. Sorry, need to do this to ensure compatibility between nginx and extensions. Plus it's a lot easier to maintain.
update: only pagespeed left to go, somewhere in the future when I have some time
update2: Dec 1th 2020, migrated pagespeed into the nginx package.
---------------------------------------------------------------------------------
update: builds are now automated.
  - libmodsecurity3 is rebuilt every month from git
  - the modsecurity core ruleset (crs, alsof from git) is rebuilt once a week
  - nginx (and all modules) is rebuilt when a new version is released, except
    when it breaks patches which I try to fix manually as soon as possible.
---------------------------------------------------------------------------------
update: there is now a debian/ubuntu repo on http://deb.paranoid.nl
---------------------------------------------------------------------------------

Goal is to have a full fledged http proxy for my minimal configured lxc/docker/wordpress/magento/opencart instances while keeping security and performance in mind. Building this repo is the easiest way to keep it altogether and up2date in the debian/ubuntu way.

I will try to support all Ubuntu LTS versions, but will remove them if it gets too difficult to keep supporting it.

There is an Ubuntu/Debian repo on http://deb.paranoid.nl with these packages

There is an docker image (with or without php-fpm (ondrej packages)) on:
https://hub.docker.com/r/eilandert/nginx-modsecurity3-pagespeed

I build PSOL (for pagespeed) myself on an ubuntu-bionic docker to ensure compatibility. This build-docker is on https://hub.docker.com/r/eilandert/psol

I don't personally use all modules, some are requested by readers like you.

Features:
 * Latest Mainline. (and not stable).
 * Removed ubuntu branding in server signature
 * Optimized nginx.conf
 * Compiled with -O3 -flto to squeeze some extra % performance.
 * Build with file AIO support (better performance for eg ZFS)
 * Linked all builds against OpenSSL 1.1.1i so there is ALPN and TLS1.3 support
 * Added /etc/nginx/snippets/ssl.conf.example, should give A+ on SSLLABS
 * Added https://ssl-config.mozilla.org/ffdhe4096.txt as dhparams.pem (ssl)
 * Added additional security in snippets/
 * Added maps against bots in snippets/
 * Added some hardening in snippets/
 * Added proxy.conf in snippets/
 * Added some performance in snippets/ (or it will, in a new build)
 (Some of the snippets are inspired on https://calomel.org/nginx.html)

Patches:
 * Added HTTP2 HPACK Encoding Support. (Cloudflare patch)
 * Added Optimizing TLS over TCP to reduce latency (Cloudflare patch)
   (add ssl_dyn_rec_enable on; to the http{} block)

Extra NGINX packages build from git: (besides the packages included with ubuntu)
 * libnginx-mod-pagespeed ngx_pagespeed speeds up your site
         (https://www.modpagespeed.com/doc/)
 * libnginx-mod-modsecurity connector for libmodsecurity3
         (https://github.com/SpiderLabs/ModSecurity-nginx)
 * libnginx-mod-security-headers NGINX Module for sending security headers
         (https://github.com/GetPageSpeed/ngx_security_headers)
 * libnginx-mod-brotli - NGINX module for Brotli compression
         (https://github.com/google/ngx_brotli)
 * libnginx-mod-naxsi - NAXSI is an open-source WAF for NGINX
         (https://github.com/nbs-system/naxsi)
 * libnginx-mod-ssl-ct Certificate Transparency module for nginx.
         (https://github.com/grahamedgecombe/nginx-ct)

Standalone Libraries:
 * libmodsecurity3 - ModSecurity v3 library component
 * modsecurity-crs - OWASP ModSecurity Core Rule Set https://coreruleset.org

Including default Ubuntu Groovy packages:
 * libnginx-mod-http-auth-pam PAM authentication module for Nginx
 * libnginx-mod-http-cache-purge Purge content from Nginx caches
 * libnginx-mod-http-dav-ext WebDAV missing commands support for Nginx
 * libnginx-mod-http-echo Bring echo and more shell style goodies to Nginx
 * libnginx-mod-http-fancyindex Fancy indexes module for the Nginx
 * libnginx-mod-http-geoip GeoIP HTTP module for Nginx
 * libnginx-mod-http-geoip2 GeoIP2 HTTP module for Nginx
 * libnginx-mod-http-headers-more-filter Set and clear input and output headers
 * libnginx-mod-http-image-filter HTTP image filter module for Nginx
 * libnginx-mod-http-lua Lua module for Nginx
 * libnginx-mod-http-ndk Nginx Development Kit module
 * libnginx-mod-http-perl Perl module for Nginx
 * libnginx-mod-http-subs-filter Substitution filter module for Nginx
 * libnginx-mod-http-uploadprogress Upload progress system for Nginx
 * libnginx-mod-http-upstream-fair Nginx Upstream Fair Proxy Load Balancer
 * libnginx-mod-http-xslt-filter XSLT Transformation module for Nginx
 * libnginx-mod-mail Mail module for Nginx
 * libnginx-mod-nchan Fast, flexible pub/sub server for Nginx
 * libnginx-mod-rtmp RTMP support for Nginx
 * libnginx-mod-stream Stream module for Nginx
 * libnginx-mod-stream-geoip GeoIP Stream module for Nginx
 * libnginx-mod-stream-geoip2 GeoIP2 Stream module for Nginx

If you like my packages, please consider a small donation at
paypal nomad @ paranoid.nl