Awesome Open Source
Awesome Open Source


Docker Pulls Docker Cloud Build Status Docker Cloud Automated build MicroBadger GitHub Contributor Covenant

Alpine Linux image with nginx 1.19.6 (mainline) with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS, Cookie-Flag support. All built on the bleeding edge. Built on the edge, for the edge.

HTTP/3 support provided from the smart people at CloudFlare with the cloudflare/quiche project.

Images for this are available on Docker Hub.

Latest: docker pull ranadeeppolavarapu/nginx-http3


This is a base image like the default nginx image. It is meant to be used as a drop-in replacement for the nginx base image.

Best practice example Nginx configs are available in this repo. See nginx.conf and h3.nginx.conf.


# Base Nginx HTTP/3 Image
FROM ranadeeppolavarapu/nginx-http3:latest

# Copy your certs.
COPY localhost.key /etc/ssl/private/
COPY localhost.pem /etc/ssl/

# Copy your configs.
COPY nginx.conf /etc/nginx/
COPY h3.nginx.conf /etc/nginx/conf.d/

H3 runs over UDP so, you will need to port map both TCP and UDP. Ex: docker run -p 80:80 -p 443:443/tcp -p 443:443/udp ...

NOTE: Please note that you need a valid CA signed certificate for the client to upgrade you to HTTP/3. Let's Encrypt is a option for getting a free valid CA signed certificate.


Contributions are welcome. Please feel free to contribute 😊.


Future Additions

Possible additions in the future pending IETF spec approvals.


Using Chrome Canary with the following CLI flags:

--flag-switches-begin --enable-quic --quic-version=h3-29 --enable-features=EnableTLS13EarlyData --flag-switches-end

Run on Mac OS (darwin):

"/Applications/Google Chrome Contents/MacOS/Google Chrome Canary" \
  --flag-switches-begin \
  --enable-quic \
  --quic-version=h3-29 \
  --enable-features=EnableTLS13EarlyData \


Windows Chrome Canary

HTTP/3 (QUIC) Proof

Since HTTP/3 is experimental, we have to be sensible with it. Therefore, below is HTTP/3 in production on one of my web apps 🙃.


HTTP/2 with Server Push


TLS v1.3


0-RTT Proof


Testing 0-RTT # Replace your domain.
echo -e "GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_out session.pem -ign_eof < request.txt
openssl s_client -connect $host:443 -tls1_3 -sess_in session.pem -early_data request.txt

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
dockerfile (813
nginx (460
tls (182
http2 (130
quic (38
brotli (30
tls13 (16

Find Open Source By Browsing 7,000 Topics Across 59 Categories