Trying to configure SWAG for Blue Iris (Having some issues)

I’m setting up a Blue Iris Camera IP camera monitoring system on my home network. I am working on remote access to it now.
The software can be configure to serve a secure web page via stunnel / ngrok.
I currently have it setup to stunnel with a self generated key and these settings in the config file
accept = 8080
connect = 81
cert = stunnel.pem
I have a port forward on my unifi for 8080 to that server
I can get to the web interface externally via http(s) using localip or externalip on 8080 but I have to ack the cert issue. This won’t work for the Blue Iris app on phone as it is expecting a valid cert.

Started trying to setup SWAG container as a reverse proxy with a cert from letsencrypt
Have container / image done as well as a an entry in duckdns
Can do nslookup myname against dns and get back my external IP from duckdns

My docker compose.
image: linuxserver/swag
container_name: swag
- PUID=1000
- PGID=1000
- TZ=America/Los Angeles
- SUBDOMAINS=wildcard
- VALIDATION=duckdns
- DUCKDNSTOKEN=“XXXXXX-XXXX-444XX-9977-990000000000”
- EMAIL=“myemail”
- /home/aptalca/appdata/swag:/config
- 443:443
- 80:80
restart: unless-stopped

Anything jump out to anyone on why my config isn’t working properly both in terms of a rewrite or getting a valid 90 day cert ?

Found a post about a guy setting his rules to rewrite the traffic to the stunnel port which I tried without success.
server {
listen 443 ssl;

    root /config/www;
    index index.html index.htm index.php;


    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    location / {
            include /config/nginx/proxy.conf;
            proxy_pass  https://mylocalip:8080 

NOTE: Port 8080 is the stunnel port number and not the blue iris http port number



I can get the web page via http(s) to my localip now without the 8080 but still getting a cert issue saying not secure.
I also created a 443 rewrite rule on my unifi and externally I can get to myname via the full duckdns name via https but getting a cert issue.