user  nginx;
worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    server {
        listen 80;

        location /.well-known/acme-challenge/ {
            alias /var/www/certbot/;
        }

        location / {
            return 404;
        }
    }
}

stream {

    upstream relay {
         server nginx-relay:4433;
    }

    server {
        listen                443 ssl;
        proxy_pass            relay;

        access_log            off;
        error_log             /dev/null;

        ssl_certificate /etc/letsencrypt/active/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/active/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
     }

}