diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 166d9491221e3714f7919700d37c4a89bdf7f41c..a6535b61cde164d798d0d947a029490170182e97 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,15 +27,6 @@ adcli:
     paths:
       - packages/*
 
-nginx:
-  stage: build
-  script: scripts/nginx-shib.sh
-  only:
-    - master
-  artifacts:
-    paths:
-      - packages/*
-
 ganeti:
   stage: build
   script: scripts/ganeti.sh
diff --git a/README.md b/README.md
index 571729d4691138ed2b1a6de7aebff08b085fe14c..39e2a53e13e92a491e5eb33824ab8540f1cb50c7 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,5 @@ The packages are uploaded to the CI artifacts after build.
 - `adcli` uses upstream patches from master (GPL licensed)
 - [`ganeti`](README.ganeti.md)
 - `grml-zsh-config` takes the `grml-etc-core` package and throws out everything but zsh config
-- `nginx` builds nginx with the nginx-shib-module
 - `sssd` backports the sssd-package from buster
 
diff --git a/patches/nginx/00-add-module.patch b/patches/nginx/00-add-module.patch
deleted file mode 100644
index 0afe8bd0b92a18d97522674be575a4717b7f7225..0000000000000000000000000000000000000000
--- a/patches/nginx/00-add-module.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-diff -Naur debian/control debian/control
---- debian/control	2018-03-26 20:56:56.476543112 +0200
-+++ debian/control	2018-03-26 21:01:51.812104005 +0200
-@@ -71,6 +71,7 @@
- Package: nginx-full
- Architecture: any
- Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
-+         libnginx-mod-http-shibboleth (= ${binary:Version}),
-          libnginx-mod-http-dav-ext (= ${binary:Version}),
-          libnginx-mod-http-echo (= ${binary:Version}),
-          libnginx-mod-http-geoip (= ${binary:Version}),
-@@ -142,6 +143,7 @@
- Architecture: any
- Priority: extra
- Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
-+         libnginx-mod-http-shibboleth (= ${binary:Version}),
-          libnginx-mod-http-cache-purge (= ${binary:Version}),
-          libnginx-mod-http-dav-ext (= ${binary:Version}),
-          libnginx-mod-http-echo (= ${binary:Version}),
-@@ -259,6 +261,20 @@
-  The module uses PAM as a backend for simple http authentication. It
-  also allows setting the pam service name to allow more fine grained control.
- 
-+Package: libnginx-mod-http-shibboleth
-+Architecture: any
-+Depends: ${misc:Depends}, ${shlibs:Depends}
-+Description: Shibboleth authentication module for Nginx
-+ The nginx_http_shibboleth module enables authentication using Shibboleth.
-+ .
-+ This module allows Nginx to work with Shibboleth, by way of Shibboleth's
-+ FastCGI authorizer. This module requires specific configuration in order
-+ to work correctly, as well as Shibboleth's FastCGI authorizer application
-+ available on the system. It aims to be similar to parts of Apache's
-+ mod_shib, though Shibboleth authorisation and authentication settings
-+ are configured via shibboleth2.xml rather than in the web server
-+ configuration.
-+
- Package: libnginx-mod-http-lua
- Architecture: any
- Depends: libnginx-mod-http-ndk (= ${binary:Version}),
-diff -Naur debian/libnginx-mod.conf/mod-http-shibboleth.conf debian/libnginx-mod.conf/mod-http-shibboleth.conf
---- debian/libnginx-mod.conf/mod-http-shibboleth.conf	1970-01-01 01:00:00.000000000 +0100
-+++ debian/libnginx-mod.conf/mod-http-shibboleth.conf	2018-03-26 21:04:54.131246344 +0200
-@@ -0,0 +1 @@
-+load_module modules/ngx_http_shibboleth_module.so;
-diff -Naur debian/rules debian/rules
---- debian/rules	2018-03-26 20:56:56.604548119 +0200
-+++ debian/rules	2018-03-26 21:03:00.054777450 +0200
-@@ -13,6 +13,7 @@
- FLAVOURS := full light extras
- DYN_MODS := \
- 	http-auth-pam \
-+	http-shibboleth \
- 	http-cache-purge \
- 	http-dav-ext \
- 	http-echo \
-@@ -103,6 +104,7 @@
- 			--with-mail=dynamic \
- 			--with-mail_ssl_module \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
-+			--add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-echo \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-upstream-fair \
-@@ -128,6 +130,7 @@
- 			--with-stream_ssl_module \
- 			--add-dynamic-module=$(MODULESDIR)/headers-more-nginx-module \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
-+			--add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-cache-purge \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
- 			--add-dynamic-module=$(MODULESDIR)/nginx-development-kit \
diff --git a/scripts/nginx-shib.sh b/scripts/nginx-shib.sh
deleted file mode 100755
index 802898611be3244b05b4ace66bef9a8dc43a7964..0000000000000000000000000000000000000000
--- a/scripts/nginx-shib.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-source "${BASH_SOURCE%/*}/common.sh"
-
-get_sources nginx buster
-cd debian
-cp libnginx-mod.nginx.skeleton libnginx-mod-http-shibboleth.nginx
-cd modules
-git clone "https://github.com/nginx-shib/nginx-http-shibboleth.git"
-cd ../..
-patch -d . -p0 < ../patches/nginx/00-add-module.patch
-
-dch_custom "Add libnginx-mod-http-shibboleth"
-install_build_deps
-build
-test_install
-prepare_artifacts