In production you usually want centralized certificate handling and off-loading TLS termination to a load-balancer.
I posted scripts to have NGINX reload certs automatically from Domino CertMgr via HTTPS to leverage Domino's Let's Encrypt implementation.
But sometimes you really want all your servers directly exposed over TLS.
For example, in a lab environment with limited resources and only one IP, you might still want each of the hosts to expose its services on its own.
This is a companion discussion topic for the original entry at https://blog.nashcom.de/nashcomblog.nsf/dx/nginx-tcp-stream-with-sni-support.-more-than-helpful-for-lab-environments.htm