I’m setting up a Blue Iris Camera IP camera monitoring system on my home network. I am working on remote access to it now.
The software can be configure to serve a secure web page via stunnel / ngrok.
I currently have it setup to stunnel with a self generated key and these settings in the config file
accept = 8080
connect = 81
cert = stunnel.pem
I have a port forward on my unifi for 8080 to that server
I can get to the web interface externally via http(s) using localip or externalip on 8080 but I have to ack the cert issue. This won’t work for the Blue Iris app on phone as it is expecting a valid cert.

Started trying to setup SWAG container as a reverse proxy with a cert from letsencrypt
Have container / image done as well as a an entry in duckdns
Can do nslookup myname against dns and get back my external IP from duckdns

My docker compose.
services:
swag:
image: linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los Angeles
- URL=myname.duckdns.org
- SUBDOMAINS=wildcard
- VALIDATION=duckdns
- DUCKDNSTOKEN=“XXXXXX-XXXX-444XX-9977-990000000000”
- EMAIL=“myemail”
- ONLY_SUBDOMAINS=false
volumes:
- /home/aptalca/appdata/swag:/config
ports:
- 443:443
- 80:80
restart: unless-stopped

Anything jump out to anyone on why my config isn’t working properly both in terms of a rewrite or getting a valid 90 day cert ?

Found a post about a guy setting his rules to rewrite the traffic to the stunnel port which I tried without success.
server {
listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;

    server_name myname.duckdns.org;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    location / {
            include /config/nginx/proxy.conf;
            proxy_pass  https://mylocalip:8080 

NOTE: Port 8080 is the stunnel port number and not the blue iris http port number

    }

}

I can get the web page via http(s) to my localip now without the 8080 but still getting a cert issue saying not secure.
I also created a 443 rewrite rule on my unifi and externally I can get to myname via the full duckdns name via https but getting a cert issue.