Show HN: Nginx Image with HTTP/3 (QUIC), TLS1.3 with 0-RTT, Brotli

I'm just curious, is there a reason not to use a multi-stage docker build here? There are a ton of build steps, and it seems pretty tedious to have to start from scratch every time while developing the image without any layer caching.

You may find my NGINX image[1] interesting.<p>There&#x27;s some features you could easily add to yours in order to make it a better overall image.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;ricardbejarano&#x2F;nginx" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;ricardbejarano&#x2F;nginx</a>

I would suggest highlighting the experimental nature of the repo, especially if someone reaches it without going through HN. I&#x27;ve read the catchy &quot;All built on the bleeding edge. Built on the edge, for the edge.&quot; but IMO it doesn&#x27;t really sound like a warning that this may not be suitable for serious production use.

I did exactly this 3 days ago, forked from fholzer&#x2F;docker-nginx-brotli our work looks very much the same<p>See <a href="https:&#x2F;&#x2F;github.com&#x2F;githubcdr&#x2F;docker-nginx-brotli" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;githubcdr&#x2F;docker-nginx-brotli</a>

I&#x27;ve played around with the nginx cloudflare patches and quiche, and it all seems to work just fine in my lab setup.<p>I don&#x27;t like having to apply third party patches to any mission critical software such as nginx. So I&#x27;ll wait until nginx releases official support for linking the quiche library, like they did with brotli.

I think 0-RTT is just bad idea security wise.

How about 0-RTT replay attack protection?

This is great, and I&#x27;ll be using it for development! However, I&#x27;ve been looking for something a bit more predictable, and yet still modern, for production use. I do not know why Brotli support isn&#x27;t included in every nginx image at this point.

From WP I get the impression that the work-in-progress now called HTTP&#x2F;3 was not necessarily designed supposed to supplant HTTP&#x2F;2:<p>&gt; On 28 October 2018 in a mailing list discussion, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Groups, made the official request to rename HTTP-over-QUIC as HTTP&#x2F;3 to &quot;clearly identify it as another binding of HTTP semantics to the wire protocol ... so people understand its separation from QUIC&quot;<p>Any opinions on how things are likely to play out?

Are there any benchmarcks of http3? I would like to see how it compare vs http2 h2 + tcp fast open

OT: musl is pronounced like &#x27;muscle&#x27; or do you spell it out &#x27;m-u-s-l&#x27;

For non technical users why ia this interesting?

Looks I don&#x27;t need Cloudflare anymore XD.

I haven&#x27;t been following the TLS1.3 development. What is the current state of SNI encryption? Is it possible to encrypt the name of the host you&#x27;re trying to connect to?