I have now been able to solve it. I could do it using a specific option of the docker based solution https://github.com/SteveLTN/https-portal. In particular it allows to override nginx configuration files

The main point is it uses erb files, which allow variables, such as <%= domain.name %> which I had to use instead of http://127.0.0.1

I had to modify the one for ssl.
Here it is:

There were some specifics that had to do with the

# based on https://github.com/SteveLTN/https-portal/blob/master/examples/custom_config/nginx-conf/example.com.ssl.conf.erb
# This file overrides default nginx HTTPS settings for my.example.com
# Mount this file as "/var/lib/nginx-conf/my.example.com.ssl.conf.erb"

server {
    listen 443 ssl http2;

    # domain.name will be "my.example.com", you can also hard-code it.
    server_name <%= domain.name %>;

    ssl on;
    ssl_certificate <%= domain.chained_cert_path %>;
    ssl_certificate_key <%= domain.key_path %>;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:50m;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_prefer_server_ciphers on;

    ssl_dhparam <%= dhparam_path %>;

    location / {
        set $backend <%= domain.upstream %>;
        proxy_pass $backend;
    }
    location /stream {
        proxy_pass <%= domain.upstream %>/stream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 2h;
    }
}

Unfortunately I have now hit the letsencrypt limits, but this should resolve itself in a couple of days.

@agray Thank you for your help and encouragement