Alpine Linux image with Nginx 1.16.1 with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS support, and 10 MB size. All built on the bleeding edge for max performance. Built on the edge, for the edge.
Alpine Linux image with nginx 1.16.1
with HTTP/3 (QUIC), TLSv1.3, 0-RTT,
brotli, NJS, Cookie-Flag support. All built on the bleeding edge. Built on the
edge, for the edge.
HTTP/3 support provided from the smart people at CloudFlare with the cloudflare/quiche project.
Images for this are available on Docker Hub and GHCR.
Docker Hub: docker pull ranadeeppolavarapu/nginx-http3
GitHub Container Registry (GHCR):
docker pull ghcr.io/ranadeeppolavarapu/nginx-http3
This is a base image like the default nginx image. It is meant to be used as a drop-in replacement for the nginx base image.
Best practice example Nginx configs are available in this repo. See nginx.conf and h3.nginx.conf.
Example:
# Base Nginx HTTP/3 Image
FROM ranadeeppolavarapu/nginx-http3:latest
# Copy your certs.
COPY localhost.key /etc/ssl/private/
COPY localhost.pem /etc/ssl/
# Copy your configs.
COPY nginx.conf /etc/nginx/
COPY h3.nginx.conf /etc/nginx/conf.d/
H3 runs over UDP so, you will need to port map both TCP and UDP. Ex:
docker run -p 80:80 -p 443:443/tcp -p 443:443/udp ...
NOTE: Please note that you need a valid CA signed certificate for the client to upgrade you to HTTP/3. Let's Encrypt is a option for getting a free valid CA signed certificate.
Contributions are welcome. Please feel free to contribute ?.
Possible additions in the future pending IETF spec approvals.
Using Chrome Canary with the following CLI flags:
--flag-switches-begin --enable-quic --quic-version=h3-29 --enable-features=EnableTLS13EarlyData --flag-switches-end
Run on Mac OS (darwin):
"/Applications/Google Chrome Canary.app Contents/MacOS/Google Chrome Canary" \
--flag-switches-begin \
--enable-quic \
--quic-version=h3-29 \
--enable-features=EnableTLS13EarlyData \
--flag-switches-end
Windows:
Since HTTP/3 is experimental, we have to be sensible with it. Therefore, below is HTTP/3 in production on one of my web apps ?.
host=domain.example.com # Replace your domain.
echo -e "GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_out session.pem -ign_eof < request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_in session.pem -early_data request.txt