From 49b86a941ebc19216098cbd040062d572e2f2f75 Mon Sep 17 00:00:00 2001 From: Yury Date: Tue, 11 Feb 2020 17:56:31 +0300 Subject: [PATCH] readme update --- README.md | 8 +++++++- example.nginx.conf | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 example.nginx.conf diff --git a/README.md b/README.md index 4ed8833..f3ed7f6 100644 --- a/README.md +++ b/README.md @@ -3,4 +3,10 @@ Nginx compiled with BoringSSL and quiche for HTTP3 support Image is super large ~2GB, recommed to use: -https://github.com/RanadeepPolavarapu/docker-nginx-http3 \ No newline at end of file +https://github.com/RanadeepPolavarapu/docker-nginx-http3 + +usage: +- get certs from certbot in /etc/letsencrypt/ +- create nginx.conf like in example + +`docker run --name nginx -d --net host -v /etc/letsencrypt/:/opt/nginx/certs/ -v /opt/nginx/conf/nginx.conf:/opt/nginx/conf/nginx.conf ymuski/nginx-quic:1.16.1` \ No newline at end of file diff --git a/example.nginx.conf b/example.nginx.conf new file mode 100644 index 0000000..57a9643 --- /dev/null +++ b/example.nginx.conf @@ -0,0 +1,44 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + + # include mime.types; + # default_type application/octet-stream; + # sendfile on; + + server { + # Enable QUIC and HTTP/3. + listen 443 quic reuseport; + + # Enable HTTP/2 (optional). + listen 443 ssl http2; + + server_name your_domain; + + ssl_certificate /opt/nginx/certs/live/your_domain/fullchain.pem; + ssl_certificate_key /opt/nginx/certs/live/your_domain/privkey.pem; + + # Enable all TLS versions (TLSv1.3 is required for QUIC). + ssl_protocols TLSv1.3; + + ssl_early_data on; + + #proxy_set_header Early-Data $ssl_early_data; + + if ($host != "your_domain") { + return 404; + } + + # Add Alt-Svc header to negotiate HTTP/3. + add_header alt-svc 'h3-24=":443"; ma=86400, h3-23=":443"; ma=86400'; + + location / { + root html; + index index.html index.htm; + } + } +}