worker_processes  1;

events {
    worker_connections  1024;
}

http {

    # include       mime.types;
    # default_type  application/octet-stream;
    # sendfile      on;

    server {
        # Enable QUIC and HTTP/3.
        listen 443 quic reuseport;

        # Enable HTTP/2 (optional).
        listen 443 ssl http2;

        server_name your_domain;

        ssl_certificate      /opt/nginx/certs/live/your_domain/fullchain.pem;
        ssl_certificate_key  /opt/nginx/certs/live/your_domain/privkey.pem;

        # Enable all TLS versions (TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1.3;

        ssl_early_data on;

        #proxy_set_header Early-Data $ssl_early_data;

        if ($host != "your_domain") {
                return 404;
        }
        
        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-24=":443"; ma=86400, h3-23=":443"; ma=86400';

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}