A DIY Quantum Server VS the Official Open Quantum Safe Server

Eureka – it works!

I built a DIY quantum-safe container named Eureka for plug & play quantum-safe research deployments. That is to say, I built and configured a basic web app serving a Python application on an Ubuntu server with NGINX that accepts classical cryptographic connections, and optionally accepts requests via the brand new ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+) U.S. NIST standards for the quantum-safe web.

When I first set out to build a quantum-enabled Docker container, I expected it to become a lightweight production tool for research. It was meant as a research experiment — a way to explore how post-quantum algorithms and hybrid TLS might fit into containerized environments within the internal and external networks of Fortune 500 banks and similar high-profile organizations. I challenged myself to build a truly Plug & Play Quantum-Safe Docker Image for Fortune 500 Banks, from the comfort of my own living room – and it’s been a good start.

Along the way, I discovered that there’s already an official project doing something similar at scale, but it’s not industry specific, which is perfect: the OQS-NGINX Docker image. Their goals and mine are quite different, but both shed light on the same challenge:

How do we prepare our web infrastructure for the post-quantum world?
How do we start testing existing networks today?

So, how does my DIY quantum-enabled Docker container compare to the Open Quantum Safe (OQS) NGINX Docker image?

| Aspect | Eureka (My Hybrid Quantum NGINX Container) | OQS-NGINX Docker Image |
| --- | --- | --- |
| Purpose | Research & proof-of-concept | Production-oriented testing & adoption |
| Audience | Educators, researchers, white hats | Enterprises, security professionals |
| Focus | Exploring hybrid TLS inside containers | Providing a reference NGINX build with PQC support |
| Scope | Minimal, one-off build (Ubuntu, NGINX, Python app, PQC certs) | Broad ecosystem integration with OQS-OpenSSL, maintained builds |
| Production readiness | ❌ Not production-ready (manual flows, experimental scripts) | ✅ Tested and maintained by Open Quantum Safe project |

What I Built (and Why)

My image was about hands-on experimentation. I wanted to:

  • Generate hybrid TLS certificates that combined classical and post-quantum algorithms.
  • Wire those certs into NGINX running in a container.
  • Add a simple Python app behind it, just to test how the full flow felt.
  • Keep everything transparent and reproducible, so I could learn from mistakes.

In practice, that meant building from a vanilla Ubuntu base, writing my own entrypoint.sh to decrypt and run the app, and bolting NGINX onto it with a custom config. It worked — but it’s fragile, and definitely not something you’d ship to production.

What OQS-NGINX Does Differently

The OQS image takes a professional approach:

  • It integrates directly with OQS-OpenSSL, giving you access to the latest PQC algorithms.
  • It’s built as a maintained reference image, so others can test PQC in a predictable way.
  • It’s designed for interoperability testing, not just experiments.

Where the Two Meet

Both projects matter — just for different reasons:

  • My image helped me (and maybe others) understand the moving parts: certificates, configs, containers, and flows.
  • The OQS image helps the wider community test and prepare for the real transition to PQC.

They’re not competitors. Mine is a sandbox, theirs is a foundation.

This journey taught me that experimentation has value even if the result isn’t production-ready. By tinkering, I got a deeper understanding of the mechanics of hybrid TLS, container flows, and the challenges ahead.

At the same time, I see the importance of projects like OQS-NGINX that move us closer to real-world deployment. My little container might break tomorrow, but theirs is designed to stand the test of time.

Next steps for me will be to replicate my successful DIY tests using the OQS-NGINX Docker image.

So if you’re a researcher like me, don’t be afraid to build your own. But if you’re looking for something stable to test PQC in the real world — start with the OQS-NGINX Docker image.


About the author

Dean Jay Mathew is an educator and researcher passionate about cyber security, with a focus on building and running FIPS 203/204/205 compliance tests via hybrid classical/post-quantum cryptography powered by ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+), providing robust preparation to future-proof data protection for organizations transitioning to post-quantum security.
