events {
    worker_connections  1024;
}

http {
    include         /etc/nginx/mime.types;
    include         /etc/nginx/conf.d/*.conf;

    # https://github.com/google/ngx_brotli
    brotli_static   on;
    brotli          on;

    # http://nginx.org/en/docs/http/ngx_http_gzip_module.html
    gzip            on;
    gzip_vary       on;
    gzip_proxied    any;

    server {
        # https://github.com/cloudflare/quiche/tree/master/extras/nginx
        # Enable QUIC and HTTP/3.
        listen 443 quic reuseport;

        # Enable HTTP/2 (optional).
        listen 443 ssl http2;

        server_name your_domain;

        ssl_certificate      /opt/nginx/certs/live/your_domain/fullchain.pem;
        ssl_certificate_key  /opt/nginx/certs/live/your_domain/privkey.pem;

        # Enable all TLS versions (TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1.3;

        ssl_early_data on;

        #proxy_set_header Early-Data $ssl_early_data;

        if ($host != "your_domain") {
                return 404;
        }
        
        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-24=":443"; ma=86400, h3-23=":443"; ma=86400';

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}