A complete nginx stack + nginx modules + optimizations

Goal is to have a full fledged http proxy/ssl terminator for my minimal configured lxc/docker/wordpress/magento/opencart instances while keeping security and performance in mind.

I don’t personally use all nginx modules, since some are requested by readers like you.

Please see this page on how to set up apt-get.

HTTP3:
Taken from this page: “Our current target for completing the code merge into the NGINX mainline branch is the end of 2021”
There is already a OpenSSL3 build on this repo, so this means that we should have HTTP3 support available soon!


Features:

  • Now with OPENSSL3, please add http://deb.paranoid.nl/openssl3 to your apt sources or install myguard.deb
  • Latest Mainline. (and not stable).
  • Removed debian/ubuntu branding in server signature
  • Optimized nginx.conf
  • Build with file AIO support (better performance for eg ZFS)
  • Compiled with -O3 -flto to squeeze some extra % performance.
  • Added HTTP2 HPACK Encoding Support. (Cloudflare patch)
  • Added Optimizing TLS over TCP to reduce latency (Cloudflare patch)
    (please add ssl_dyn_rec_enable on; to the http{} block)
  • Build with Cloudflare’s zlib for faster compression
  • Linked all builds against latest OpenSSL so there is ALPN and TLS1.3 support
  • Linked with jemalloc for faster memory allocation on multicore systems
  • Added /etc/nginx/snippets/ssl.conf.example, should give A+ on SSLLABS
  • Added additional bots/security/hardening/proxy examples in snippets/
    (Some of the snippets are inspired on https://calomel.org/nginx.html)
  • Pagespeed: Seperately build PSOL (Page Speed Optimalisation Library) per distro
  • Docker image is on the docker hub (daily rebuilds)
  • The modsecurity core ruleset (crs, from git) is rebuilt once a week.

Extra NGINX modules build from git

Including default Ubuntu nginx modules:

  • libnginx-mod-http-auth-pam PAM authentication module for Nginx
  • libnginx-mod-http-cache-purge Purge content from Nginx caches
  • libnginx-mod-http-dav-ext WebDAV missing commands support for Nginx
  • libnginx-mod-http-echo Bring echo and more shell style goodies to Nginx
  • libnginx-mod-http-fancyindex Fancy indexes module for the Nginx
  • libnginx-mod-http-geoip GeoIP HTTP module for Nginx
  • libnginx-mod-http-geoip2 GeoIP2 HTTP module for Nginx
  • libnginx-mod-http-image-filter HTTP image filter module for Nginx
  • libnginx-mod-http-ndk Nginx Development Kit module
  • libnginx-mod-http-perl Perl module for Nginx
  • libnginx-mod-http-subs-filter Substitution filter module for Nginx
  • libnginx-mod-http-uploadprogress Upload progress system for Nginx
  • libnginx-mod-http-upstream-fair Nginx Upstream Fair Proxy Load Balancer
  • libnginx-mod-http-xslt-filter XSLT Transformation module for Nginx
  • libnginx-mod-mail Mail module for Nginx
  • libnginx-mod-nchan Fast, flexible pub/sub server for Nginx
  • libnginx-mod-rtmp RTMP support for Nginx
  • libnginx-mod-stream Stream module for Nginx
  • libnginx-mod-stream-geoip GeoIP Stream module for Nginx
  • libnginx-mod-stream-geoip2 GeoIP2 Stream module for Nginx

Standalone Libraries included:

If you like my packages, consider buying me a coffee! paypal nomad @ paranoid.nl