diff --git a/utils/docker-debian10.tls13only.start.sh b/utils/docker-debian10.tls13only.start.sh
new file mode 100644
index 0000000..9e308dc
--- /dev/null
+++ b/utils/docker-debian10.tls13only.start.sh
@@ -0,0 +1,31 @@
+
+# no early data, but TLS 1.3 with debian:buster (sid simlar in Feb 2019)
+
+image=${1:-"debian:buster"}
+docker pull "$image"
+ID=$(docker run -d -ti $image)
+
+docker exec -ti $ID apt-get update
+docker exec -ti $ID apt-get install -y ssl-cert dialog
+docker exec -ti $ID apt-get install -y nginx-common nginx-light
+docker exec -ti $ID cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
+docker exec -ti $ID sed -i -e 's/# listen/listen/' -e 's/# include/include/' /etc/nginx/sites-available/default
+if echo "$0" | grep -q only; then
+ docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default
+else
+ docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.2 TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default
+fi
+
+s/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1.2 TLSv1.3;/\n\tssl_ecdh_curve X448:X25519;' /etc/nginx/sites-available/default
+
+docker exec -ti $ID nginx -V
+docker exec -ti $ID service nginx start
+docker exec -ti $ID service nginx status
+# P Q
+
+docker inspect $ID | jq -r '.[].NetworkSettings.IPAddress'
+
+exit 0
+
+
+
diff --git a/utils/docker-nginx.tls13-earlydata.start.sh b/utils/docker-nginx.tls13-earlydata.start.sh
new file mode 100644
index 0000000..53b030a
--- /dev/null
+++ b/utils/docker-nginx.tls13-earlydata.start.sh
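Review bot: The line beginning `s/listen \[::\]:443 ssl default_server;` directly after `fi` is a leftover fragment of the sed expression above it, not a command; its single quote is unbalanced, so bash swallows the following lines as string content and should abort with an end-of-file syntax error, meaning `service nginx start` and the `docker inspect` that prints the address never run. Delete that line. The file also has no shebang, unlike the sibling script which starts with `#!/bin/bash`; add `#!/bin/bash` as the first line so the `$(...)` substitution and the `$0` test run under bash however the script is invoked. `$ID` and `$image` are unquoted throughout, while the `docker pull` line already quotes `"$image"`; quote them consistently. Since TLS 1.3-only mode is selected by `echo "$0" | grep -q only`, i.e. by the file name, a header comment such as `# TLSv1.3-only when the script name contains "only", else TLSv1.2+TLSv1.3` would make that dependency visible.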
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+image="rsnow/nginx"
+docker pull $image
+ID=$(docker run -d -ti $image)
+
+echo $ID
+
+docker exec -ti $ID nginx -V
+docker exec -ti $ID mkdir /etc/nginx/ssl
+HN=$(docker exec -ti $ID hostname| tr -d '\n' | tr -d '\r')
+
+cd /tmp
+cat >$ID.conf << EOF
+
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ server_name _;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_early_data on;
+ #
+ ssl_certificate /etc/nginx/ssl/$HN.crt;
+ ssl_certificate_key /etc/nginx/ssl/$HN.key;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
+EOF
+
+docker cp $ID.conf $ID:/etc/nginx/conf.d/443.conf
+
+C_ST_etc="C=DE/ST=Gotham/L=Nowhere/CN=${HN}"
+openssl req -subj "/${C_ST_etc}/CN=${HN}" -newkey rsa:4096 -keyout "$HN.key" -nodes -sha256 -out "$HN.req"
+openssl x509 -days 365 -in "$HN.req" -req -signkey "$HN.key" -out "$HN.crt"
+docker cp $HN.key $ID:/etc/nginx/ssl
+docker cp $HN.crt $ID:/etc/nginx/ssl
+
+docker exec -ti $ID nginx -s reload
+# docker start $ID
+
+# P Q
+docker inspect $ID | jq -r '.[].NetworkSettings.IPAddress'
+
+exit 0
+
+EOF
+
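Review bot: The subject given to `openssl req` contains `CN=${HN}` twice, because `C_ST_etc` already ends in `/CN=${HN}` and the `-subj` argument appends `/CN=${HN}` again; use `-subj "/${C_ST_etc}"`. The unencrypted key (`-nodes`) is written to `/tmp/$HN.key` and left behind after the `docker cp`, and the preceding `cd /tmp` is unchecked; a `tmpdir=$(mktemp -d)` with `trap 'rm -rf -- "$tmpdir"' EXIT` would scope the key material to the run. `HN=$(docker exec -ti $ID hostname| tr -d '\n' | tr -d '\r')` allocates a TTY inside a command substitution, which is presumably why the `\r` strip is needed; `docker exec "$ID" hostname` without `-ti` should yield a clean value. The trailing `EOF` after `exit 0` is a stray line, unreachable now but executed as a command if the `exit` is ever removed. `ssl_early_data on;` is the purpose of this harness, but a comment in the generated config, `# 0-RTT: early-data requests are replayable; only serve static test content here`, would record that constraint for whoever reuses the config.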