Fed up with Debian 11.11 shipping crusty Nginx 1.18? No HTTP/3, half-baked TLS 1.3, and zero security updates?
Grab a coffee, copy-paste the commands below, and in **three minutes flat** you’ll be running **Nginx 1.25+** (or 1.26) straight from the official mainline repo. Works on a 512 MB VPS, no compilation voodoo required.
Why Bother? The 1.18 Pain Points
- Security patches? Stopped in 2021.
- HTTP/3 & QUIC? Missing in action.
- TLS 1.3 0-RTT? Nope.
- Want Brotli, Lua, fancy modules? Good luck compiling.
Step 0 – Back Up Your Config (30 s)
sudo cp -a /etc/nginx /etc/nginx.bak-$(date +%F)Step 1 – Nuke the Old Packages (Configs Stay)
sudo apt remove nginx nginx-common nginx-full --purge -yStep 2 – Add the Official Mainline Repo
sudo apt install curl gnupg2 ca-certificates lsb-release -y
curl -fsSL https://nginx.org/keys/nginx_signing.key | \
sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
echo \
"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian bullseye nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.listUsing Debian 12? Replace bullseye with bookworm.
Step 3 – Install Nginx 1.25+
sudo apt update
sudo apt install nginx -ynginx -v # should read 1.25.x or 1.26.xStep 4 – Firewall & Cloud Panel
sudo ufw allow 'Nginx Full'
sudo ufw allow 443/udpDon’t forget your cloud provider’s security group – open **TCP 80/443** and **UDP 443** for HTTP/3.
Step 5 – Reload & Test
sudo nginx -t && sudo systemctl reload nginxStep 6 – Rollback Plan (If You Break Stuff)
sudo apt remove nginx --purge -y
sudo rm /etc/apt/sources.list.d/nginx.list
sudo apt update && sudo apt install nginx/bullseye -y
sudo systemctl restart nginxOne-Liner for the Truly Lazy
curl -fsSL https://raw.githubusercontent.com/yourrepo/nginx-mainline-deb11.sh | sudo bashFAQ – Straight Talk
- Will it eat more RAM? +2 MB on a 512 MB box – negligible.
- Do I need to rewrite configs? Nope,
nginx -tpasses 100 %. - Future updates?
sudo apt upgradekeeps you on mainline forever.
Comments NOTHING