// Page

Packages

Packages

deb.myguard.nl is a free, community-driven APT repository providing optimized and security-focused packages for Debian and Ubuntu production servers. Every package is compiled with the right flags, linked against the right libraries, and updated within hours of upstream releases — no waiting for Debian stable freezes.

Why choose these packages?

  • Performance-first builds: Compiled with the right optimization flags and linked against updated libraries like jemalloc where it makes a real difference.
  • Latest upstream versions: NGINX mainline, current Dovecot, fresh Rspamd — no backport delays.
  • HTTP/3 ready: NGINX and Angie linked against openssl-nginx with full QUIC support.
  • Security defaults: ModSecurity WAF, php-snuffleupagus, and modern TLS configurations included.
  • Multi-distro: Debian 12 (Bookworm), Debian 13 (Trixie), Ubuntu 22.04/24.04/26.04.
  • GPG-signed: Every package signed and delivered via modern signed-by APT configuration.

To add this repository to your server, see the setup guide — it takes under two minutes.

Web servers & proxies

The web server packages are the flagship of this repository. NGINX and Angie are compiled with 50+ dynamic modules, HTTP/3 QUIC support, and performance optimizations not available in the official Debian or Ubuntu packages. Load only the modules you need — no recompilation required.

  • nginx — Mainline NGINX with HTTP/3, QUIC, Brotli, ModSecurity, GeoIP2, Lua, NJS and 50+ dynamic modules. See the full module list.
  • angie — Drop-in NGINX replacement by the original NGINX authors. Native ACME/Let’s Encrypt without Certbot, JSON status API, HTTP/3. See Angie modules.
  • apache2 — Latest Apache HTTP Server compiled with OpenSSL 3 and performance optimizations.

Mail & communication

A complete mail server stack — all packages built to work together and updated alongside each other. Postfix, Dovecot, and Rspamd form the standard production combination.

  • postfix — High-performance mail transport agent with modern TLS and SRS support.
  • dovecot — Secure IMAP/POP3 server with Sieve plugin included.
  • rspamd — Fast spam filtering for Postfix and Dovecot deployments.
  • rspamd-git — Daily git master build of Rspamd for bleeding-edge deployments.
  • unbound — Validating DNS resolver with DNS-over-HTTPS support.

Security & protection

Security packages range from the ModSecurity WAF (for blocking attacks at the web server level) to php-snuffleupagus (for hardening PHP-FPM from the inside). These are the packages that turn a standard server into a hardened one.

  • libmodsecurity3 — ModSecurity v3 WAF library with OWASP Core Rule Set support.
  • modsecurity-crs — OWASP ModSecurity Core Rule Set for NGINX and Apache.
  • php-snuffleupagus — PHP security module that blocks SQL injection, XSS, and dangerous functions inside PHP-FPM.
  • libfido2 — FIDO2 library for hardware key support (YubiKey) in OpenSSH and other tools.
  • clamav — Anti-virus for Unix mail gateways and file servers.

OpenSSL & cryptography

Multiple OpenSSL builds for different use cases. The standout is openssl-nginx — a dedicated build compiled specifically for NGINX and Angie with QUIC patches and kTLS support baked in.

  • openssl-nginx — Dedicated OpenSSL build for NGINX and Angie. Includes QUIC patches, kTLS, and is kept in sync with NGINX mainline releases.
  • openssl / openssl3 / openssl31 / openssl32 — Various OpenSSL versions with QUIC support for general system use.

Compression & performance libraries

These libraries are what the NGINX and Angie builds link against to deliver Brotli and Zstd compression out of the box.

  • libbrotli — Google Brotli compression library. Required for the NGINX Brotli module.
  • libzstd — Facebook Zstd compression. Faster than gzip at equivalent ratios.
  • zlib-ng — Drop-in zlib replacement with SIMD optimizations. NGINX links against this instead of system zlib.

Memory allocators

Better memory allocators reduce fragmentation and improve throughput under sustained load — particularly relevant for long-running NGINX worker processes.

  • jemalloc — High-performance allocator with arena-based design. Used by Firefox, Redis, and FreeBSD.
  • mimalloc — Microsoft’s compact general-purpose allocator with excellent multi-threaded performance.

Lua & scripting

The full OpenResty Lua stack — packaged for use with the NGINX and Angie Lua modules without needing to compile anything. See the Lua modules page for the complete list of lua-resty-* packages.

  • luajit2 — OpenResty’s LuaJIT 2 with extra patches. The JIT engine behind NGINX Lua scripting.
  • lua-cjson — Fast JSON encoder/decoder for Lua.
  • lua-resty-* — All OpenResty lua-resty modules: Redis, MySQL, HTTP, JWT, OpenID Connect, WebSocket and more.

Database & caching

  • redis / redis7 — Latest Redis release for caching and session storage.
  • valkey — High-performance Redis-compatible key-value store.
  • libhiredis — Minimalistic C client library for Redis protocol.

Build & development tools

  • ccache — Compiler cache for fast C/C++ recompilation. Speeds up repeated NGINX module builds significantly.
  • rust — Rust systems programming language toolchain.
  • git — Latest Git version control system.

All packages are GPG-signed and available for Debian 12 (Bookworm), Debian 13 (Trixie), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), and Ubuntu 26.04 (Resolute). → Add the repository