Skip to main content
100% Free

NGINX Modules APT Repository for Ubuntu and Debian

100+ pre-built NGINX dynamic modules for Debian and Ubuntu, both amd64 and arm64. No signup, no auth, just apt install.

Set up the repo Browse modules
100+
Modules
6
Distro Codenames
2
Architectures
$0
to install

Why a third-party APT repository?

The stock nginx package on Debian and Ubuntu ships a minimal module set. Dynamic modules that aren't in the base distro repos — ModSecurity v3, brotli, GeoIP2, JWT, TOTP, NJS extras, naxsi — typically force you to either build NGINX from source on every release, or pin a fork like OpenResty and accept its ecosystem boundaries.

A maintained third-party APT repository solves that. You stay on the stock distro nginx (or nginx.org's mainline), apt install nginx-module-* for what you need, and let apt upgrade handle ABI-compatible bumps as new NGINX point releases land. No rebuild step, no compiler on the box, no drift between fleet members.

That's the gap the GetPageSpeed NGINX modules APT repository fills, for 100+ modules across every category a production NGINX deployment needs.

Quick install example

# Install the keyring
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://extras.getpagespeed.com/deb-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/getpagespeed.gpg >/dev/null

# Add the APT source for your codename (use the
# generator at apt-nginx-extras.getpagespeed.com/apt-setup/)

# Install a module
sudo apt-get update
sudo apt-get install nginx-module-modsecurity

# Enable in nginx.conf
load_module modules/ngx_http_modsecurity_module.so;

# Reload NGINX
sudo systemctl reload nginx

No compilation | No signup | amd64 + arm64

Featured NGINX Modules

Popular modules from the repo, each one a single apt install away

ModSecurity WAF

nginx-module-modsecurity

Enterprise-grade Web Application Firewall (WAF) for NGINX. Protect against SQL injection, XSS, and OWASP Top 10 vulnerabilities with the industry-standard ModSecurity v3 engine.

OWASP Core Rule Set SQL injection protection XSS prevention Real-time monitoring
Module docs

Brotli Compression

nginx-module-brotli

Google's Brotli compression algorithm for 15-25% better compression than GZIP. Reduces bandwidth costs and improves page load times for text-based content. Static and dynamic variants.

Better than GZIP Static + dynamic All text content Pre-compressed assets
Module docs

GeoIP2 Database

nginx-module-geoip2

MaxMind GeoIP2 integration for NGINX. Enable geo-targeting, region-based access control, and location-aware content delivery with accurate IP geolocation. HTTP and stream contexts.

Country/city detection Access control Stream + HTTP MaxMind support
Module docs

JWT Authentication

nginx-module-jwt

Validate JWT tokens at the edge for API authentication and stateless authorization. Drop-in alternative to NGINX Plus's commercial JWT module, no per-server license required.

RS256 / HS256 JWKS support Edge auth No license cost
Module docs

Headers More

nginx-module-headers-more

Set, add, and clear arbitrary HTTP request and response headers from NGINX configuration. The OpenResty workhorse for fine-grained header manipulation without Lua.

Add / clear / set Per-status filtering Request + response OpenResty quality
Module docs

Lua Scripting

nginx-module-lua

Embed Lua scripting directly in NGINX configuration. Complex routing logic, custom auth, dynamic content, and API gateways without recompiling NGINX. A complete OpenResty alternative.

OpenResty compatible Async I/O Redis/MySQL access Custom logic
Module docs

And dozens more

A representative slice across auth, security, observability, streaming, and rate limiting

nginx-module-auth-totp

Time-based one-time password (TOTP) authentication at the NGINX edge

nginx-module-auth-ldap

LDAP authentication for NGINX with caching and TLS

nginx-module-zstd

Zstandard compression filter, faster decompression than Brotli

nginx-module-security-headers

Automatic security headers (HSTS, CSP, X-Frame-Options) with sane defaults

nginx-module-length-hiding

Randomize response size to defeat TLS metadata analysis

nginx-module-html-sanitize

On-the-fly HTML output sanitization with allowlist tag rules

nginx-module-cache-purge

Purge cached content selectively from NGINX proxy cache

nginx-module-dynamic-etag

Conditional GET for dynamic pages with computed ETag headers

nginx-module-immutable

Far-future Cache-Control: immutable for static assets

nginx-module-njs

Official NGINX JavaScript (njs) scripting language

nginx-module-naxsi

High-performance WAF with learning mode

nginx-module-rtmp

Turn NGINX into an RTMP / HLS / DASH streaming server

nginx-module-spnego-http-auth

Kerberos / SPNEGO authentication for intranet NGINX

nginx-module-push-stream

HTTP long-polling and SSE pub/sub messaging

nginx-module-graphite

Push NGINX metrics to a Graphite carbon receiver

Browse the full pool index   View documentation

How this APT repository compares

vs the Debian / Ubuntu options for getting NGINX dynamic modules onto your servers

Approach Module count arm64 support Cost
GetPageSpeed Extras (this repo) 100+ modules Yes, every codename Free
Stock distro nginx modules ~10 modules Yes Free
Sury successors / single-maintainer APT repos ~10 modules Varies Free
Build NGINX from source per host Any module you compile Yes Engineering time
OpenResty bundle OpenResty ecosystem only Yes Free

Need the same modules on RHEL, SLES, Amazon Linux, or Fedora? The RPM tier ships the same catalog with the same names and versions.

Get started in 2 steps

Anonymous APT repo, no signup, working apt install in under a minute

1

Install the keyring + source

Run the setup generator for your codename, or paste the snippet directly:

sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://extras.getpagespeed.com/deb-archive-keyring.gpg \
  | sudo tee /etc/apt/keyrings/getpagespeed.gpg >/dev/null

# Then add the matching sources.list.d entry
# for your codename + arch
2

Install modules

Pick what you need from the 100+ module catalog. ABI-matched to the stock nginx package on your codename.

sudo apt-get update
sudo apt-get install \
  nginx-module-modsecurity \
  nginx-module-brotli \
  nginx-module-geoip2

# Add load_module directives to nginx.conf,
# then reload NGINX
Open the setup generator

No account, no payment, no rate limit on anonymous access.

Supported Distributions

Every supported codename has its own pool, with stable and (where available) mainline NGINX tracks

Ubuntu 24.04 LTS (noble), 22.04 LTS (jammy), 20.04 LTS (focal), 18.04 (bionic)
Debian 13 (trixie), 12 (bookworm)

All packages built for amd64 and arm64. Mainline NGINX variants ship for Focal, Jammy, Noble, Bookworm, and Trixie.

Frequently Asked Questions

Everything you need to know about the APT NGINX modules repository

Yes, free, and no account needed. The APT repo is anonymous. Set up the keyring and source list as shown in the setup docs, then apt install nginx-module-* for any of the 100+ modules.

The RPM repository (for RHEL, SLES, Amazon Linux, and Fedora) is subscription-based; the DEB side is open.

The stock distro nginx package on each supported codename. For NGINX mainline, use the -mainline pool variant where available (Focal, Jammy, Noble, Bookworm, Trixie).

Each codename has its own pool, so module ABI compatibility against the distro NGINX (or the mainline variant) is handled per-release. You do not need to recompile or pin a custom NGINX build.

Ubuntu 18.04 (bionic), 20.04 LTS (focal), 22.04 LTS (jammy), and 24.04 LTS (noble). Debian 12 (bookworm) and 13 (trixie). Both amd64 and arm64 for every codename. Mainline NGINX support is shipped as a separate -mainline pool for distros that get it.

Yes. The RPM tier ships the same nginx-module-* catalog on Red Hat-family distros with the same names and versions. If your fleet mixes Debian-family and Red Hat-family hosts, you get one mental model, one set of upstream module versions, and one place to file bugs.

Every module rebuilds on each upstream tag and on each nginx point-release ABI bump. Builds run through a CI matrix across all six supported codenames on both amd64 and arm64, so a Bookworm arm64 host gets the same module versions as a Noble amd64 host on the same day.

Security fixes from upstream module repositories flow through within the same release cadence, and you can pin versions in /etc/apt/preferences.d/ if you need to.

NGINX-MOD is the GetPageSpeed-built NGINX with the most useful modules statically compiled in (active health checks, dynamic upstream API), plus performance patches and faster TLS. Drop-in replacement for the stock nginx package, same configuration format.

Now available as a DEB for Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble), and Debian 12 (bookworm): apt-get install nginx-mod from the ${codename}-nginx-mod APT suite. It also brings the extended limit_req_rate units (r/h, r/d, r/w, r/M, r/Y) that stock NGINX does not support.

Open a ticket with the upstream repository URL and a one-line description. Most module requests land within a release cycle.

Related services and resources

Complete your NGINX stack with the rest of the GetPageSpeed offering

NGINX-MOD

Optimized NGINX build with these modules baked in

Learn more

RPM Repository

Same module catalog for RHEL, SLES, Amazon Linux

View tiers

NGINX Blog

100+ tutorials and configuration guides

Browse articles

NGINX Audit

Expert audit and implementation services

Learn more

Ready to skip the source-build cycle?

Set up the APT repo in under a minute. 100+ modules, no signup, no cost.

Open the setup generator