Docker Nginx Http3 Save Abandoned

Alpine Linux image with Nginx 1.16.1 with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS support, and 10 MB size. All built on the bleeding edge for max performance. Built on the edge, for the edge.

Project README

docker-nginx-http3

GitHub

Alpine Linux image with nginx 1.16.1 with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS, Cookie-Flag support. All built on the bleeding edge. Built on the edge, for the edge.

HTTP/3 support provided from the smart people at CloudFlare with the cloudflare/quiche project.

Images for this are available on Docker Hub and GHCR.

Usage

Docker Hub: docker pull ranadeeppolavarapu/nginx-http3

GitHub Container Registry (GHCR): docker pull ghcr.io/ranadeeppolavarapu/nginx-http3

This is a base image like the default nginx image. It is meant to be used as a drop-in replacement for the nginx base image.

Best practice example Nginx configs are available in this repo. See nginx.conf and h3.nginx.conf.

Example:

# Base Nginx HTTP/3 Image
FROM ranadeeppolavarapu/nginx-http3:latest

# Copy your certs.
COPY localhost.key /etc/ssl/private/
COPY localhost.pem /etc/ssl/

# Copy your configs.
COPY nginx.conf /etc/nginx/
COPY h3.nginx.conf /etc/nginx/conf.d/

H3 runs over UDP so, you will need to port map both TCP and UDP. Ex: docker run -p 80:80 -p 443:443/tcp -p 443:443/udp ...

NOTE: Please note that you need a valid CA signed certificate for the client to upgrade you to HTTP/3. Let's Encrypt is a option for getting a free valid CA signed certificate.

Contributing

Contributions are welcome. Please feel free to contribute ?.

Features

HTTP/3 (QUIC) via CloudFlare's quiche
HTTP/2 (with Server Push)
HTTP/2
BoringSSL (Google's flavor of OpenSSL)
TLS 1.3 with 0-RTT support
Brotli compression
headers-more-nginx-module
NJS
nginx_cookie_flag_module
PCRE latest with JIT compilation enabled
zlib latest
Alpine Linux (total size of 10 MB compressed)

Future Additions

Possible additions in the future pending IETF spec approvals.

Facebook's zstd over the web

HTTP/3 ENABLED!

Using Chrome Canary with the following CLI flags:

--flag-switches-begin --enable-quic --quic-version=h3-29 --enable-features=EnableTLS13EarlyData --flag-switches-end

Run on Mac OS (darwin):

"/Applications/Google Chrome Canary.app Contents/MacOS/Google Chrome Canary" \
  --flag-switches-begin \
  --enable-quic \
  --quic-version=h3-29 \
  --enable-features=EnableTLS13EarlyData \
  --flag-switches-end

Windows:

Windows Chrome Canary

HTTP/3 (QUIC) Proof

Since HTTP/3 is experimental, we have to be sensible with it. Therefore, below is HTTP/3 in production on one of my web apps ?.

HTTP/2 with Server Push

alt

TLS v1.3

ssllabs

0-RTT Proof

tls-0-rtt

Testing 0-RTT

host=domain.example.com # Replace your domain.
echo -e "GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_out session.pem -ign_eof < request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_in session.pem -early_data request.txt

Open Source Agenda is not affiliated with "Docker Nginx Http3" Project. README Source: RanadeepPolavarapu/docker-nginx-http3

Stars

892

Open Issues

Last Commit

2 years ago

License

MIT

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/docker-nginx-http3"><img src="https://www.opensourceagenda.com/projects/docker-nginx-http3/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022