How do I add the deb.myguard.nl repository?

wget https://deb.myguard.nl/pool/myguard.deb&&dpkg -i myguard.deb&&apt-get update

Which Linux distributions are supported?

Debian 11 (Bullseye), 12 (Bookworm), 13 (Trixie), Ubuntu 22.04 LTS (Jammy), 24.04 LTS (Noble), 26.04 (Resolute).

Is this repository free to use?

Yes, completely free with no registration required. Donations via PayPal help cover server costs.

Free APT repository · 50+ packages · No registration

Debian & Ubuntu APT Repository — NGINX, Angie, HTTP/3

Q: What makes these packages different from official Debian/Ubuntu packages?

Packages are compiled with -O3 -flto for maximum performance, include modules not shipped in official repos (HTTP/3/QUIC, Brotli, ModSecurity WAF), and track the latest upstream versions.

Q: Is NGINX compiled with HTTP/3 and QUIC support?

Yes. NGINX packages are compiled with OpenSSL+QUIC, enabling HTTP/3. Not available in official Debian or Ubuntu packages.

The myguard Debian/Ubuntu APT repository gives you the latest versions of NGINX, Angie, OpenSSL, Postfix, Dovecot, ModSecurity and 50+ other packages — built with security and performance in mind, with features the official repositories simply don’t ship.

# Installs GPG key, APT source and pinning in one step

$ wget https://raw.githubusercontent.com/eilandert/deb.myguard.nl/main/myguard.deb

$ dpkg -i myguard.deb

$ apt-get update && apt-get install nginx

Works on Debian 12/13 and Ubuntu 22.04/24.04/26.04 · Manual setup →

Browse packages Full setup guide

50+

Maintained packages

Supported distros

2019

Active since

Why use this APT repository?

The official Debian and Ubuntu repositories prioritize stability over features. This repository fills the gap for production servers that need both.

// performance

Compiler-optimized binaries

All packages are compiled with the right flags and linked against the right libraries — including an updated jemalloc where it makes a difference.

// features

Modules not in official repos

HTTP/3 and QUIC for NGINX and Angie, Brotli compression, ModSecurity WAF, OpenSSL+QUIC — features that require custom compilation are included out of the box.

// freshness

Latest upstream versions

Packages track upstream releases rather than Debian stable freezes. Get NGINX mainline, the newest Dovecot, and current Rspamd without backport delays.

// security

Security-first defaults

Packages include php-snuffleupagus, ModSecurity with the OWASP Core Rule Set, and modern TLS configurations enabled by default for production hardening.

// containers

Docker & Kubernetes ready

Daily-rebuilt Docker images for NGINX and Angie with all modules included. Designed for containerized and Kubernetes deployments.

// trust

GPG-signed packages

All packages are GPG-signed. The repository uses modern signed-by APT configuration for verified, tamper-proof delivery.

Why we actually build these packages

A quick story, because nobody maintains a 50-package APT repository for fun. (Okay — maybe a little bit for fun.)

Here’s the honest truth: this whole thing started because the packages we needed simply didn’t exist. We run real production servers — mail servers, web servers, WordPress sites, the works — and we kept hitting the same wall. We wanted NGINX with HTTP/3, but Debian shipped it without QUIC. We wanted Angie with native ACME, but it wasn’t in any official repository at all. We wanted ModSecurity with the OWASP Core Rule Set wired up properly, Postfix with modern TLS, Dovecot with the latest Sieve plugin, php-snuffleupagus hardening PHP-FPM, and a dozen other things. Every single one needed a custom build.

So we built them. And then we figured: if we’re already compiling all of this for our own infrastructure, why not share? That’s how deb.myguard.nl was born — a free, public, GPG-signed APT repository for Debian and Ubuntu that ships the packages we actually run in production. No telemetry, no registration, no “enterprise tier.” You just add the repository and apt-get install the things you need.

The four pillars we build for

Every package decision comes back to one of these four.

01 · performance

Compiled, not just packaged

LTO where it helps, hardened defaults that don’t cripple throughput, and modern allocators (jemalloc, mimalloc) linked in where they make a measurable difference. NGINX and Angie are built against a dedicated OpenSSL with QUIC patches — so HTTP/3 actually works instead of being a checkbox.

02 · security

Defaults you can sleep on

ModSecurity ships with the OWASP CRS pre-wired. PHP gets snuffleupagus for runtime hardening. TLS configs default to modern cipher suites. Packages are GPG-signed and delivered via the modern signed-by APT mechanism — a compromised mirror can’t feed you a tampered binary.

03 · freshness

Days, not release cycles

Debian stable is wonderful for stability and terrible for anyone who needs the latest Dovecot fix, a new Rspamd module, or NGINX mainline. We track upstream releases and rebuild quickly — usually within days, often within hours. Docker images rebuild every single night.

04 · features

What the official repos won’t ship

HTTP/3, QUIC, Brotli, ModSecurity, OpenResty Lua modules, the full NGINX module zoo — everything that requires a custom compile lives here. You shouldn’t have to maintain your own build pipeline just to enable HTTP/3 in 2026.

If any of that resonates, jump to the quick start below. If you’d rather poke around first, the blog has deep-dives on most of these packages — how HTTP/3 actually works, why Angie matters, the dedicated OpenSSL build, and a lot more.

Who actually uses this?

Honestly, all sorts — but most people land here for one of four reasons.

// sysadmins

Production web stacks

Running real NGINX or Angie in front of real traffic and don’t want to babysit a build server just to get HTTP/3, Brotli and ModSecurity. Install, pin, ship.

// homelab

Homelab & self-hosters

Want HTTP/3 on a Raspberry Pi or a closet server without spending three hours waiting for ./configure. Same packages, same defaults, no compile.

// containers

Docker & Kubernetes

Pulling the daily-rebuilt NGINX and Angie images with every module already compiled in — perfect for ingress, edge proxies and ephemeral pods.

// mail ops

Mail server operators

Postfix with modern TLS, Dovecot with the latest Sieve, and Rspamd already wired together — the way they should ship out of the box.

One repository, every current distro: Debian 12 Debian 13 Ubuntu 22.04 Ubuntu 24.04 Ubuntu 26.04

Featured packages

A selection of the most-used packages in this repository. The full list covers 50+ packages across web, mail, security, and system utilities.

nginx

Mainline release with HTTP/3, QUIC, Brotli, ModSecurity, and all standard modules

HTTP/3

angie

Drop-in NGINX replacement with native ACME support (no Certbot needed) and extended metrics

HTTP/3 ACME

apache2

Latest Apache HTTP Server compiled with OpenSSL 3

openssl

OpenSSL with QUIC patches applied for HTTP/3 support in NGINX and other tools

QUIC

postfix

Latest Postfix release with modern TLS and SRS support for production mail servers

Mail

dovecot

Latest Dovecot IMAP/POP3 server with Sieve plugin included

Mail

rspamd

Fast spam filtering system for Postfix and Dovecot deployments

Mail

libmodsecurity3

ModSecurity WAF library with the OWASP Core Rule Set for NGINX and Apache

WAF

libbrotli

Google Brotli compression library, required for NGINX Brotli module

Compression

redis

Latest Redis release for caching and session storage

Cache

libfido2

FIDO2 library for hardware key support (YubiKey) in OpenSSH and other tools

Security

ccache

Compiler cache to speed up repeated builds

Dev

→ NGINX modules overview · Angie modules overview · Full package list on GitHub

Supported distributions

Packages are available for all current Debian and Ubuntu releases.

Debian

Bookworm (12) Trixie (13)

Ubuntu

Jammy (22.04 LTS) Noble (24.04 LTS) Resolute (26.04)

Green = current/recommended.

Quick start

Add the myguard Debian/Ubuntu APT repository and install your first package in under a minute.

$ wget https://raw.githubusercontent.com/eilandert/deb.myguard.nl/main/myguard.deb

$ dpkg -i myguard.deb

$ apt-get update

# Web server with HTTP/3

$ apt-get install nginx

# NGINX alternative with built-in ACME/Let’s Encrypt

$ apt-get install angie

# Mail stack

$ apt-get install postfix dovecot-core rspamd

# WAF for NGINX

$ apt-get install libnginx-mod-http-modsecurity libmodsecurity3 modsecurity-crs

Need manual setup or APT pinning? → Full setup guide

Frequently asked questions

Common questions about this Debian and Ubuntu APT repository.

Why do you build your own packages instead of using the official ones?

Because the official Debian and Ubuntu repositories prioritise stability over features. They freeze versions for the lifetime of a release, and they don’t ship anything that requires a custom compile — no HTTP/3 in NGINX, no Angie at all, no ModSecurity with the OWASP CRS pre-wired, no php-snuffleupagus. We build packages because the things we run in production need those features today, not in two years when the next stable release lands.

What makes these packages different from official Debian/Ubuntu packages?

The official Debian and Ubuntu repositories freeze package versions for stability. This APT repository builds from the latest upstream releases, applies the right compile-time flags, includes extra modules such as HTTP/3 QUIC for NGINX, and ships features the official repos simply don’t carry. See the full packages list.

Is NGINX compiled with HTTP/3 and QUIC support?

Yes. The NGINX packages in this Debian/Ubuntu APT repository are compiled against openssl-nginx, enabling full HTTP/3 support — something the official packages don’t include. The Angie packages ship HTTP/3 as well. See the NGINX modules page for the full list.

What is Angie and how does it compare to NGINX?

Angie is a fork of NGINX maintained by former NGINX core developers. It is a drop-in replacement with native ACME (Let’s Encrypt) support built in — no Certbot needed — plus extended Prometheus metrics and other improvements. Read the Angie 2026 review or the NGINX to Angie migration guide. Both are available in this repository.

Will installing packages from this repo break my system?

No. APT pinning is configured automatically when you install myguard.deb, so packages from this repository take priority only where you intentionally install them. Your standard Debian or Ubuntu packages are not touched. See the full setup guide for details on how pinning works.

Is this APT repository free to use?

Yes, completely free with no registration required. If you find it useful, a donation via PayPal (nomad @ paranoid.nl) helps cover server costs. Bug reports and contributions are always welcome on GitHub.

How often are packages updated?

Packages are updated shortly after upstream releases. Docker images for NGINX and Angie are rebuilt daily. Check the changelog for recent updates, or follow new releases on the blog or watch the GitHub repository.

Does this repository support ARM / aarch64?

Most packages are currently built for amd64 (x86-64). ARM support (aarch64) is planned. Check the GitHub repository for the current architecture list. The setup guide covers all supported architectures.