NGINX Mainline and modules

PPA description

This is an updated rebuild and backport of the Ubuntu-20.10 Groovy NGINX Package with OpenSSL 1.1.1i

---------------------------------------------------------------------------------
EDIT 6 juni 2020 - I am changing the buildprocess. If you get in trouble, remove the nginx extension with apt, and install it again. Sorry, need to do this to ensure compatibility between nginx and extensions. Plus it's a lot easier to maintain.
update: only pagespeed left to go, somewhere in the future when I have some time
update2: Dec 1th 2020, migrated pagespeed into the nginx package.
---------------------------------------------------------------------------------
update: builds are now automated.
  - libmodsecurity3 is rebuilt every month from git
  - the modsecurity core ruleset (crs, alsof from git) is rebuilt once a week
  - nginx (and all modules) is rebuilt when a new version is released, except
    when it breaks patches which I try to fix manually as soon as possible.
---------------------------------------------------------------------------------
update: there is now a debian/ubuntu repo on http://deb.paranoid.nl
---------------------------------------------------------------------------------

Goal is to have a full fledged http proxy for my minimal configured lxc/docker/wordpress/magento/opencart instances while keeping security and performance in mind. Building this repo is the easiest way to keep it altogether and up2date in the debian/ubuntu way.

I will try to support all Ubuntu LTS versions, but will remove them if it gets too difficult to keep supporting it.

There is an Ubuntu/Debian repo on http://deb.paranoid.nl with these packages

There is an docker image (with or without php-fpm (ondrej packages)) on:
https://hub.docker.com/r/eilandert/nginx-modsecurity3-pagespeed

I build PSOL (for pagespeed) myself on an ubuntu-bionic docker to ensure compatibility. This build-docker is on https://hub.docker.com/r/eilandert/psol

I don't personally use all modules, some are requested by readers like you.

Features:
 * Latest Mainline. (and not stable).
 * Removed ubuntu branding in server signature
 * Optimized nginx.conf
 * Compiled with -O3 -flto to squeeze some extra % performance.
 * Build with file AIO support (better performance for eg ZFS)
 * Linked all builds against OpenSSL 1.1.1i so there is ALPN and TLS1.3 support
 * Added /etc/nginx/snippets/ssl.conf.example, should give A+ on SSLLABS
 * Added https://ssl-config.mozilla.org/ffdhe4096.txt as dhparams.pem (ssl)
 * Added additional security in snippets/
 * Added maps against bots in snippets/
 * Added some hardening in snippets/
 * Added proxy.conf in snippets/
 * Added some performance in snippets/ (or it will, in a new build)
 (Some of the snippets are inspired on https://calomel.org/nginx.html)

Patches:
 * Added HTTP2 HPACK Encoding Support. (Cloudflare patch)
 * Added Optimizing TLS over TCP to reduce latency (Cloudflare patch)
   (add ssl_dyn_rec_enable on; to the http{} block)

Extra NGINX packages build from git: (besides the packages included with ubuntu)
 * libnginx-mod-pagespeed ngx_pagespeed speeds up your site
         (https://www.modpagespeed.com/doc/)
 * libnginx-mod-modsecurity connector for libmodsecurity3
         (https://github.com/SpiderLabs/ModSecurity-nginx)
 * libnginx-mod-security-headers NGINX Module for sending security headers
         (https://github.com/GetPageSpeed/ngx_security_headers)
 * libnginx-mod-brotli - NGINX module for Brotli compression
         (https://github.com/google/ngx_brotli)
 * libnginx-mod-naxsi - NAXSI is an open-source WAF for NGINX
         (https://github.com/nbs-system/naxsi)
 * libnginx-mod-ssl-ct Certificate Transparency module for nginx.
         (https://github.com/grahamedgecombe/nginx-ct)

Standalone Libraries:
 * libmodsecurity3 - ModSecurity v3 library component
 * modsecurity-crs - OWASP ModSecurity Core Rule Set https://coreruleset.org

Including default Ubuntu Groovy packages:
 * libnginx-mod-http-auth-pam PAM authentication module for Nginx
 * libnginx-mod-http-cache-purge Purge content from Nginx caches
 * libnginx-mod-http-dav-ext WebDAV missing commands support for Nginx
 * libnginx-mod-http-echo Bring echo and more shell style goodies to Nginx
 * libnginx-mod-http-fancyindex Fancy indexes module for the Nginx
 * libnginx-mod-http-geoip GeoIP HTTP module for Nginx
 * libnginx-mod-http-geoip2 GeoIP2 HTTP module for Nginx
 * libnginx-mod-http-headers-more-filter Set and clear input and output headers
 * libnginx-mod-http-image-filter HTTP image filter module for Nginx
 * libnginx-mod-http-lua Lua module for Nginx
 * libnginx-mod-http-ndk Nginx Development Kit module
 * libnginx-mod-http-perl Perl module for Nginx
 * libnginx-mod-http-subs-filter Substitution filter module for Nginx
 * libnginx-mod-http-uploadprogress Upload progress system for Nginx
 * libnginx-mod-http-upstream-fair Nginx Upstream Fair Proxy Load Balancer
 * libnginx-mod-http-xslt-filter XSLT Transformation module for Nginx
 * libnginx-mod-mail Mail module for Nginx
 * libnginx-mod-nchan Fast, flexible pub/sub server for Nginx
 * libnginx-mod-rtmp RTMP support for Nginx
 * libnginx-mod-stream Stream module for Nginx
 * libnginx-mod-stream-geoip GeoIP Stream module for Nginx
 * libnginx-mod-stream-geoip2 GeoIP2 Stream module for Nginx

If you like my packages, please consider a small donation at
paypal nomad @ paranoid.nl

Adding this PPA to your system

You can update your system with unsupported packages from this untrusted PPA by adding ppa:eilander/nginx to your system's Software Sources. (Read about installing)

sudo add-apt-repository ppa:eilander/nginx
sudo apt-get update
        
Technical details about this PPA

This PPA can be added to your system manually by copying the lines below and adding them to your system's software sources.

Display sources.list entries for:
deb http://ppa.launchpad.net/eilander/nginx/ubuntu YOUR_UBUNTU_VERSION_HERE main 
deb-src http://ppa.launchpad.net/eilander/nginx/ubuntu YOUR_UBUNTU_VERSION_HERE main 
Signing key:
4096R/FBD7450146A9E73EFF3095B597992D8CFD2E2D02 (What is this?)
Fingerprint:
FBD7450146A9E73EFF3095B597992D8CFD2E2D02

For questions and bugs with software in this PPA please contact Thijs Eilander.

PPA statistics

Activity
13 updates added during the past month.
View package details

Overview of published packages

126 of 26 results
Package Version Uploaded by
brotli 1.0.9-3myguard1~hirsute Thijs Eilander (2021-02-27)
brotli 1.0.9-3myguard1~groovy Thijs Eilander (2021-01-11)
brotli 1.0.9-3myguard1~focal Thijs Eilander (2021-01-11)
brotli 1.0.9-3myguard1~bionic Thijs Eilander (2021-01-11)
libmaxminddb 1.5.2-3myguard1~hirsute Thijs Eilander (2021-02-19)
libmaxminddb 1.5.2-3myguard1~groovy Thijs Eilander (2021-02-19)
libmaxminddb 1.5.2-3myguard1~focal Thijs Eilander (2021-02-19)
libmaxminddb 1.5.2-3myguard1~bionic Thijs Eilander (2021-02-19)
modsecurity 3.0.4.2012272135-2myguard1~ubuntu21.04 Thijs Eilander (2020-12-27)
modsecurity 3.0.4.2012272135-2myguard1~ubuntu20.10 Thijs Eilander (2020-12-27)
modsecurity 3.0.4.2012272135-2myguard1~ubuntu20.04 Thijs Eilander (2020-12-27)
modsecurity 3.0.4.2012272135-2myguard1~ubuntu18.04 Thijs Eilander (2020-12-27)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~xenial Thijs Eilander (2021-01-02)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~trusty Thijs Eilander (2021-01-02)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~groovy Thijs Eilander (2021-01-02)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~focal Thijs Eilander (2021-01-02)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~devel Thijs Eilander (2021-01-02)
modsecurity-crs 3.3.1rc1.2101022012-2myguard1~bionic Thijs Eilander (2021-01-02)
nginx 1.19.10-3myguard2~focal Thijs Eilander (2021-04-14)
nginx 1.19.10-3myguard1~hirsute Thijs Eilander (2021-04-14)
nginx 1.19.10-3myguard1~groovy Thijs Eilander (2021-04-14)
nginx 1.19.10-3myguard1~bionic Thijs Eilander (2021-04-14)
openssl 1.1.1k-5myguard2~hirsute Thijs Eilander (2021-03-25)
openssl 1.1.1k-5myguard2~groovy Thijs Eilander (2021-03-25)
openssl 1.1.1k-5myguard2~focal Thijs Eilander (2021-03-25)
openssl 1.1.1k-5myguard2~bionic Thijs Eilander (2021-03-25)
126 of 26 results

Latest updates

  • nginx 39 hours ago
    Successfully built
  • nginx 42 hours ago
    Successfully built
  • nginx 42 hours ago
    Successfully built
  • nginx 42 hours ago
    Successfully built
  • openssl 3 weeks ago
    Successfully built