Here is how to run this example. You'll need a certificate on the docker host at /path/to/cert.pem before you run this. In my case, I brought up a digitalocean node, got a letsencrypt cert and concatenated fullchain.pem and privkey.pem to get my /path/to/cert.pem. I also set up DNS for this node so that the TLS connection would work out of the box
docker build -t stunnel .
docker network create st
docker run -d --net=st --name upstream -p 80:80 nginx:alpine
docker run -d --net=st -v /path/to/cert.pem:/stunnel.pem -p 443:443 stunnel
Take a look at both the Dockerfile and the stunnel.conf to see what's going on.
The expected behavior is that you'll get nginx listening on port 80 (and published to port 80), and stunnel will be listening on port 443 (and published to port 443). stunnel uses docker's network service discovery to find the nginx container.
At the time of writing, this gets me stunnel 5.35 with OpenSSL 1.0.2h.