Free APT repository  ·  50+ packages  ·  No registration

Debian & Ubuntu APT Repository — NGINX, Angie, HTTP/3

The myguard Debian/Ubuntu APT repository gives you the latest versions of NGINX, Angie, OpenSSL, Postfix, Dovecot, ModSecurity and 50+ other packages — built with security and performance in mind, with features the official repositories simply don’t ship.

# Installs GPG key, APT source and pinning in one step
$ wget https://raw.githubusercontent.com/eilandert/deb.myguard.nl/main/myguard.deb
$ dpkg -i myguard.deb
$ apt-get update && apt-get install nginx
Works on Debian 12/13 and Ubuntu 22.04/24.04/26.04  ·  Manual setup →
50+ maintained packages  ·  5 supported distros  ·  Active since 2021

Why use this APT repository?

The official Debian and Ubuntu repositories prioritize stability over features. This repository fills the gap for production servers that need both.

// performance

Compiler-optimized binaries

All packages are compiled with the right flags and linked against the right libraries — including an updated jemalloc where it makes a difference.

// features

Modules not in official repos

HTTP/3 and QUIC for NGINX and Angie, Brotli compression, ModSecurity WAF, OpenSSL+QUIC — features that require custom compilation are included out of the box.

// freshness

Latest upstream versions

Packages track upstream releases rather than Debian stable freezes. Get NGINX mainline, the newest Dovecot, and current Rspamd without backport delays.

// security

Security-first defaults

Packages include php-snuffleupagus, ModSecurity with the OWASP Core Rule Set, and modern TLS configurations enabled by default for production hardening.

// containers

Docker & Kubernetes ready

Daily-rebuilt Docker images for NGINX and Angie with all modules included. Designed for containerized and Kubernetes deployments.

// trust

GPG-signed packages

All packages are GPG-signed. The repository uses modern signed-by APT configuration for verified, tamper-proof delivery.

Why we actually build these packages

A quick story, because nobody maintains a 50-package APT repository for fun. (Okay — maybe a little bit for fun.)

Here’s the honest truth: this whole thing started because the packages we needed simply didn’t exist. We run real production servers — mail servers, web servers, WordPress sites, the works — and we kept hitting the same wall. We wanted NGINX with HTTP/3, but Debian shipped it without QUIC. We wanted Angie with native ACME, but it wasn’t in any official repository at all. We wanted ModSecurity with the OWASP Core Rule Set wired up properly, Postfix with modern TLS, Dovecot with the latest Sieve plugin, php-snuffleupagus hardening PHP-FPM, and a dozen other things. Every single one needed a custom build.

So we built them. And then we figured: if we’re already compiling all of this for our own infrastructure, why not share? That’s how deb.myguard.nl was born — a free, public, GPG-signed APT repository for Debian and Ubuntu that ships the packages we actually run in production. No telemetry, no registration, no “enterprise tier.” You just add the repository and apt-get install the things you need.

The four pillars we build for

1. Performance. Every package is compiled with sensible flags — LTO where it helps, hardened defaults that don’t cripple throughput, and modern allocators (jemalloc, mimalloc) linked in where they make a measurable difference. NGINX and Angie are built against a dedicated OpenSSL with QUIC patches, so HTTP/3 actually works instead of being a checkbox.

2. Security. The defaults matter. ModSecurity ships with the OWASP CRS pre-wired. PHP gets snuffleupagus for runtime hardening. TLS configs default to modern cipher suites. Packages are GPG-signed and delivered via the modern signed-by APT mechanism, so a compromised mirror can’t feed you a tampered binary. We sleep better, and so do the people running these on their own boxes.

3. Freshness. Debian stable is wonderful for stability and terrible for anyone who needs the latest Dovecot fix, a new Rspamd module, or NGINX mainline. We track upstream releases and rebuild quickly — usually within days, often within hours. Docker images for NGINX and Angie are rebuilt every single night, so containerised deployments stay current without anyone babysitting them.

4. The features the official repos won’t ship. HTTP/3, QUIC, Brotli, ModSecurity, OpenResty Lua modules, the full NGINX module zoo — everything that requires a custom compile lives here. You shouldn’t have to maintain your own build pipeline just to enable HTTP/3 in 2026.

Who actually uses this?

Honestly, all sorts. Sysadmins running production web stacks who don’t want to babysit a build server. Homelab folks who just want HTTP/3 on their Pi without compiling for three hours. Docker and Kubernetes users pulling the daily-rebuilt images. Mail server operators who finally want Postfix, Dovecot, and Rspamd to work together out of the box. The packages are the same whether you’re on Debian 12, Debian 13, Ubuntu 22.04, 24.04, or the new 26.04 — one repository, every current distro.

If any of that resonates, jump to the quick start below. If you’d rather poke around first, the blog has deep-dives on most of these packages — how HTTP/3 actually works, why Angie matters, the dedicated OpenSSL build, and a lot more.

Featured packages

A selection of the most-used packages in this repository. The full list covers 50+ packages across web, mail, security, and system utilities.

nginx [HTTP/3]: Mainline release with HTTP/3, QUIC, Brotli, ModSecurity, and all standard modules
angie [HTTP/3, ACME]: Drop-in NGINX replacement with native ACME support (no Certbot needed) and extended metrics
apache2: Latest Apache HTTP Server compiled with OpenSSL 3
openssl [QUIC]: OpenSSL with QUIC patches applied for HTTP/3 support in NGINX and other tools
postfix [Mail]: Latest Postfix release with modern TLS and SRS support for production mail servers
dovecot [Mail]: Latest Dovecot IMAP/POP3 server with Sieve plugin included
rspamd [Mail]: Fast spam filtering system for Postfix and Dovecot deployments
libmodsecurity3 [WAF]: ModSecurity WAF library with the OWASP Core Rule Set for NGINX and Apache
libbrotli [Compression]: Google Brotli compression library, required for NGINX Brotli module
redis [Cache]: Latest Redis release for caching and session storage
libfido2 [Security]: FIDO2 library for hardware key support (YubiKey) in OpenSSH and other tools
ccache [Dev]: Compiler cache to speed up repeated builds

NGINX modules overview  ·  Angie modules overview  ·  Full package list on GitHub

Supported distributions

Packages are available for all current Debian and Ubuntu releases.

Debian: Bookworm (12), Trixie (13)
Ubuntu: Jammy (22.04 LTS), Noble (24.04 LTS), Resolute (26.04)


Quick start

Add the myguard Debian/Ubuntu APT repository and install your first package in under a minute.

$ wget https://raw.githubusercontent.com/eilandert/deb.myguard.nl/main/myguard.deb
$ dpkg -i myguard.deb
$ apt-get update
# Web server with HTTP/3
$ apt-get install nginx
 
# NGINX alternative with built-in ACME/Let’s Encrypt
$ apt-get install angie
 
# Mail stack
$ apt-get install postfix dovecot-core rspamd
 
# WAF for NGINX
$ apt-get install libnginx-mod-http-modsecurity libmodsecurity3 modsecurity-crs
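
Once a third-party source is installed, it is worth confirming that it really is tied to its own key through signed-by, as described above. The following is an added example, not part of this repository's tooling: it classifies one-line `.list` and deb822 `.sources` entries by how they are authenticated. The sample file names, the `repo.example.invalid` URL and the keyring path are constructed; on a real system, pass `/etc/apt/sources.list.d` to `audit_apt_sources`.

```shell
# Added example: classify each APT source by how it is authenticated.
#   OK = signed-by key set; UNSCOPED = falls back to APT's global keyring;
#   UNVERIFIED = trusted=yes / "Trusted: yes" turns signature checks off.
audit_apt_sources() {
    for f in "$1"/*.list "$1"/*.sources; do
        [ -f "$f" ] || continue
        case $f in
        *.list)    # one-line format: deb [options] URI suite components
            grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" |
            while IFS= read -r line; do
                case $line in
                *trusted=yes*) echo "UNVERIFIED ${f##*/}" ;;
                *signed-by=*)  echo "OK ${f##*/}" ;;
                *)             echo "UNSCOPED ${f##*/}" ;;
                esac
            done ;;
        *.sources) # deb822 format: stanzas separated by blank lines
            awk -v name="${f##*/}" '
                function report() {
                    if (!seen) return
                    if (bad) print "UNVERIFIED " name
                    else if (key) print "OK " name
                    else print "UNSCOPED " name
                    seen = key = bad = 0
                }
                /^[ \t]*$/ { report(); next }
                /^#/ { next }
                { seen = 1 }
                tolower($0) ~ /^signed-by:/ { key = 1 }
                tolower($0) ~ /^trusted:[ \t]*yes/ { bad = 1 }
                END { report() }
            ' "$f" ;;
        esac
    done
}

# Constructed sample files (not this repository's real configuration).
make_samples() {
    d=$(mktemp -d)
    echo 'deb https://repo.example.invalid/ stable main' > "$d/legacy.list"
    echo 'deb [trusted=yes] https://repo.example.invalid/ stable main' > "$d/forced.list"
    printf '%s\n' 'Types: deb' 'URIs: https://repo.example.invalid/' 'Suites: stable' \
        'Components: main' 'Signed-By: /usr/share/keyrings/example-archive-keyring.gpg' > "$d/scoped.sources"
    echo "$d"
}
sample_dir=$(make_samples)
audit_apt_sources "$sample_dir"
rm -rf "$sample_dir"
```

Any line reported as UNSCOPED or UNVERIFIED names a source file whose packages are not restricted to a single repository key.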

Need manual setup or APT pinning? → Full setup guide

Frequently asked questions

Common questions about this Debian and Ubuntu APT repository.

Why do you build your own packages instead of using the official ones?
Because the official Debian and Ubuntu repositories prioritise stability over features. They freeze versions for the lifetime of a release, and they don’t ship anything that requires a custom compile — no HTTP/3 in NGINX, no Angie at all, no ModSecurity with the OWASP CRS pre-wired, no php-snuffleupagus. We build packages because the things we run in production need those features today, not in two years when the next stable release lands.
What makes these packages different from official Debian/Ubuntu packages?
The official Debian and Ubuntu repositories freeze package versions for stability. This APT repository builds from the latest upstream releases, applies the right compile-time flags, includes extra modules such as HTTP/3 QUIC for NGINX, and ships features the official repos simply don’t carry. See the full packages list.
Is NGINX compiled with HTTP/3 and QUIC support?
Yes. The NGINX packages in this Debian/Ubuntu APT repository are compiled against openssl-nginx, enabling full HTTP/3 support — something the official packages don’t include. The Angie packages ship HTTP/3 as well. See the NGINX modules page for the full list.
What is Angie and how does it compare to NGINX?
Angie is a fork of NGINX maintained by former NGINX core developers. It is a drop-in replacement with native ACME (Let’s Encrypt) support built in — no Certbot needed — plus extended Prometheus metrics and other improvements. Read the Angie 2026 review or the NGINX to Angie migration guide. Both are available in this repository.
Will installing packages from this repo break my system?
No. APT pinning is configured automatically when you install myguard.deb, so packages from this repository take priority only where you intentionally install them. Your standard Debian or Ubuntu packages are not touched. See the full setup guide for details on how pinning works.
Is this APT repository free to use?
Yes, completely free with no registration required. If you find it useful, a donation via PayPal (nomad @ paranoid.nl) helps cover server costs. Bug reports and contributions are always welcome on GitHub.
How often are packages updated?
Packages are updated shortly after upstream releases. Docker images for NGINX and Angie are rebuilt daily. Check the changelog for recent updates, or follow new releases on the blog or watch the GitHub repository.
Does this repository support ARM / aarch64?
Most packages are currently built for amd64 (x86-64). ARM support (aarch64) is planned. Check the GitHub repository for the current architecture list. The setup guide covers all supported architectures.