Skip to content
Alpine Linux image with Nginx with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli support. All built on the bleeding edge for max performance. Built on the edge, for the edge.
Dockerfile
Branch: master
Clone or download
RanadeepPolavarapu docs: add docker image size
Signed-off-by: Ranadeep Polavarapu <ranadeep@icloud.com>
Latest commit 1c35c8e Nov 8, 2019

README.md

docker-nginx-http3

Docker Pulls Docker Cloud Build Status Docker Cloud Automated build MicroBadger GitHub Contributor Covenant

Alpine Linux image with nginx with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli support. All built on the bleeding edge. Built on the edge, for the edge.

HTTP/3 support provided from the smart people at CloudFlare with the cloudflare/quiche project.

Images for this are available on Docker Hub.

docker pull ranadeeppolavarapu/nginx-http3

Usage

This is a base image like the default nginx image. It is meant to be used as a drop-in replacement for the nginx base image.

Best practice example Nginx configs are available in this repo. See nginx.conf and h3.nginx.conf.

Example:

# Base Nginx HTTP/3 Image
FROM ranadeeppolavarapu/nginx-http3:latest

# Copy your certs.
COPY localhost.key /etc/ssl/private/
COPY localhost.pem /etc/ssl/

# Copy your configs.
COPY nginx.conf /etc/nginx/
COPY h3.nginx.conf /etc/nginx/conf.d/

H3 runs over UDP so, you will need to port map both TCP and UDP. Ex: docker run -p 80:80 -p 443:443/tcp -p 443:443/udp ...

NOTE: Please note that you need a valid CA signed certificate for the client to upgrade you to HTTP/3. Let's Encrypt is a option for getting a free valid CA signed certificate.

Contributing

Contributions are welcome. Please feel free to contribute 😊.

Features

  • HTTP/3 (QUIC) via CloudFlare's quiche
  • HTTP/2 (with Server Push)
  • HTTP/2
  • BoringSSL (Google's flavor of OpenSSL)
  • TLS 1.3 with 0-RTT support
  • Brotli compression
  • headers-more-nginx-module
  • Alpine Linux (total size of 9 MB compressed)

Future Additions

Possible additions in the future pending IETF spec approvals.

HTTP/3 ENABLED!

Using Chrome Canary with the following CLI flags:

--flag-switches-begin --enable-quic --quic-version=h3-23 --enable-features=EnableTLS13EarlyData --flag-switches-end

Run on Mac OS (darwin):

"/Applications/Google Chrome Canary.app Contents/MacOS/Google Chrome Canary" \
  --flag-switches-begin \
  --enable-quic \
  --quic-version=h3-23 \
  --enable-features=EnableTLS13EarlyData \
  --flag-switches-end

Windows:

Windows Chrome Canary

HTTP/3 (QUIC) Proof

Since HTTP/3 is experimental, we have to be sensible with it. Therefore, below is HTTP/3 in production on one of my web apps 🙃.

h3

HTTP/2 with Server Push

alt

TLS v1.3

ssllabs

0-RTT Proof

tls-0-rtt

Testing 0-RTT

host=domain.example.com # Replace your domain.
echo -e "GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_out session.pem -ign_eof < request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_in session.pem -early_data request.txt
You can’t perform that action at this time.