apt install nginx-module-*

Prebuilt nginx modules.
Not compiled by you.

11 nginx dynamic modules packaged as apt packages for Debian and Ubuntu. Built against official nginx.org stable releases. Maintained because we run them. Ready in 60 seconds.

Quick install 
sudo install -d -m 0755 /etc/apt/keyrings

curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list

sudo apt update
sudo apt install nginx-module-brotli nginx-module-geoip2 nginx-module-headers-more
Requires nginx from nginx.org -- not the nginx in Debian or Ubuntu's default repos. Why?
Debian Bookworm & Trixie Ubuntu 22.04 / 24.04 / 26.04 amd64 + arm64 Updated within 24h of nginx stable Free, always

Why this exists

Sury closed their repo.
We built ours.

Ondřej Surý announced the nginx repo shutdown in December 2025 and closed it in April 2026. The alternatives either cost money or depend on a single person with a lot on their plate. We run a lot of nginx at Blendbyte (brotli, geoip2, headers-more, and a few others), so we built our own packaging pipeline and opened it up.

Installation guide Migrate from Sury →

Built in the open

No shady builds. Every step is public.

Every package is compiled on public GitHub Actions. Read the pipeline, reproduce any build, verify the output yourself. No proprietary build servers, no trust-me-bro signing.

CI pipeline
GitHub Actions ↗
Open source. Every build logged.
Repository status
Checking...
Live from apt.blendbyte.net
About Blendbyte
Small. Opinionated. Running nginx in prod.
We built this because we needed it. It's free because that's the deal.

What's in the box

11 modules. All maintained.

Only modules we actually run in production. If it's not on the list, we either don't need it or there's a better answer elsewhere.

nginx-module-brotli Compression
Brotli Compression
Your gzip was fine. Brotli is better.
Learn more →
nginx-module-brotli-static Compression
Brotli Static
Pre-compressed. Because why compress the same file at request time, forever?
Learn more →
nginx-module-zstd Compression
Zstandard Compression
Meta's compression algorithm. Faster to decompress than brotli. We ship it.
Learn more →
nginx-module-modsecurity Security
ModSecurity WAF
A web application firewall that acts before your app ever sees the request.
Learn more →
nginx-module-geoip2 Geolocation
GeoIP2 (HTTP)
Know where your traffic is coming from. Route it accordingly.
Learn more →
nginx-module-stream-geoip2 Geolocation
GeoIP2 (Stream)
GeoIP2 lookups, but for TCP and UDP traffic.
Learn more →
nginx-module-headers-more Headers
Headers More
Response headers, fully under your control. Add them, change them, nuke them entirely.
Learn more →
nginx-module-substitutions Content
Substitutions Filter
Regex find-and-replace in HTTP responses. A scalpel, not a chainsaw.
Learn more →
nginx-module-cache-purge Caching
Cache Purge
Flush the exact cache entry you want. Not the whole cache.
Learn more →
nginx-module-fancyindex Utility
Fancy Index
Directory listings that don't look like 1994 called.
Learn more →
nginx-module-dav-ext Utility
WebDAV Extension
The WebDAV methods nginx left out. PROPFIND, LOCK, UNLOCK: the ones clients actually need.
Learn more →
Migration

Coming from Sury?

The package swap is one apt transaction. Our packages declare Replaces and Conflicts so apt handles the rename automatically. Note: since Sury supported up to nginx 1.28 and we start at nginx 1.30, nginx will upgrade and restart. Module names and include paths may differ -- review your config before reloading.

Migration (one transaction) 
# Remove Sury's nginx source, add ours, and upgrade in one shot
sudo rm -f /etc/apt/sources.list.d/sury-nginx.list
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://apt.blendbyte.net/nginx/blendbyte-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/blendbyte.gpg >/dev/null
echo "deb [signed-by=/etc/apt/keyrings/blendbyte.gpg] https://apt.blendbyte.net/nginx $(lsb_release -cs) main" \
  | sudo tee /etc/apt/sources.list.d/blendbyte.list
sudo apt update && sudo apt upgrade
Full migration guide →

FAQ

Common questions

Does this work with nginx from my distro's package manager?
No. These modules are built against the official nginx.org packages, not the nginx version in Debian or Ubuntu's default repos. Install nginx from nginx.org first, then add our repository alongside it. The two apt sources coexist cleanly.
How quickly are packages updated when nginx releases a new version?
New packages are typically available within 24 hours of an nginx stable release. Run apt upgrade and you get the rebuilt modules automatically. No manual steps.
Is this free? Is there a catch?
Yes, free. No catch. Blendbyte runs these in production and packages them for the community as a side effect of that. There's no paid tier, no vendor lock-in. You can pin to our repo or take the packages elsewhere.
Which Linux distributions are supported?
Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS (Jammy), Ubuntu 24.04 LTS (Noble), and Ubuntu 26.04 LTS (Resolute Raccoon). Both amd64 and arm64 for all distros.
I need a module that is not listed here. Can I request it?
Open an issue on GitHub and attach a maintainer. We only add modules that someone commits to maintaining: reviewing version bumps, responding to build failures, and watching security advisories. Requests without a maintainer close without action. It's a small project and that's how it stays manageable.
How do I know the packages are safe?
Every package is compiled on public GitHub Actions. The full build and release pipeline is open source, so you can read every step, reproduce any build, and verify the output yourself. No proprietary build servers, no opaque signing ceremonies. If something looks off, open an issue.
What happened to the Sury nginx repository?
Ondřej Surý announced in December 2025 that the Sury nginx repository was shutting down, closed it in April 2026, and has since removed everything. The repo is gone. We built a migration path with drop-in replacement packages so you can switch in one apt transaction. See the migration guide.