
Yes, compilation itself is not the problem here. The problem is more maintaining the whole stuff. Making sure, e.g., that the OpenSSL linked into your nginx is up to date is a good example (what a nightmare). Also, getting nginx running and configured like a standard Ubuntu one does not work out of the box. These are all extra steps which not everybody wants to deal with.


IIRC, OpenSSL is dynamically linked by default in a custom compiled nginx — the same as it would be if you didn't custom compile it, and you have the same amount of work either way maintaining OpenSSL. I maintain a custom compile of nginx, but the custom ends at the boundary of nginx: it uses Ubuntu's libssl, so OpenSSL patches that make it to Ubuntu apply normally to my custom build. The config for nginx is the same: /etc/nginx/…. I can tell you it's exactly the same, as we transitioned from a config from Ubuntu stock nginx to my custom build (and went up a version) with zero issues.

The only real thing that is different is the binary itself, and the installation location. (But I did the latter on purpose, because I didn't want to collide with apt/dpkg's management of /usr/bin.)


Thanks for the information! I will keep this in mind next time. It has been some time since I last used a custom-compiled nginx. It seems I used a statically linked OpenSSL (which had these downsides). I read up a little bit more here: https://www.nginx.com/blog/nginx-and-the-heartbleed-vulnerab...
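Added example, not part of the thread: a shell check for the dynamic-versus-static OpenSSL question discussed above, classifying a build from the text of `nginx -V` and `ldd`. The function name, sample versions and paths are constructed for illustration; `--with-openssl=` is nginx's configure option for building OpenSSL from source into the binary.

```shell
# Constructed sample inputs (versions and paths are made up for illustration).
DYN_V='nginx version: nginx/1.18.0
built with OpenSSL 1.1.1f  31 Mar 2020
configure arguments: --prefix=/opt/nginx --with-http_ssl_module'
DYN_LDD='	libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000000000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)'
STATIC_V='nginx version: nginx/1.18.0
built with OpenSSL 1.1.1f  31 Mar 2020
configure arguments: --with-http_ssl_module --with-openssl=../openssl-src'
STATIC_LDD='	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)'

# openssl_linkage VERSION_TEXT LDD_TEXT   (hypothetical helper)
#   VERSION_TEXT: output of `nginx -V 2>&1`
#   LDD_TEXT:     output of `ldd <nginx binary>`
# Prints one of: dynamic | static | mixed | none
# Live use: openssl_linkage "$(nginx -V 2>&1)" "$(ldd "$(command -v nginx)")"
openssl_linkage() {
    version_out=$1
    ldd_out=$2
    # No "built with OpenSSL" line: this binary was not built against OpenSSL.
    if ! printf '%s\n' "$version_out" | grep -q 'built with OpenSSL'; then
        echo none
        return 0
    fi
    # --with-openssl=<dir> compiles OpenSSL from source and links it in,
    # so distro libssl updates do not reach this binary.
    configured_static=no
    if printf '%s\n' "$version_out" | grep -q -- '--with-openssl='; then
        configured_static=yes
    fi
    # A dynamically linked build lists libssl.so.* among its shared objects.
    has_libssl=no
    if printf '%s\n' "$ldd_out" | grep -q 'libssl\.so'; then
        has_libssl=yes
    fi
    if [ "$has_libssl" = no ]; then
        echo static      # OpenSSL is inside the binary: rebuild nginx to patch
    elif [ "$configured_static" = yes ]; then
        echo mixed       # contradictory signals: inspect the build by hand
    else
        echo dynamic     # patched through the system libssl package
    fi
}
```

A `static` result means an OpenSSL fix only takes effect after nginx itself is rebuilt and redeployed; `dynamic` means the package manager's libssl update applies once nginx is restarted.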



