Docker: nginx-proxy with ssl backend

I am currently in the process of containerizing wordpress apps for development. And that has been going reasonably well so far :)

At the moment I am using one docker-compose.yml file (and some configs) per app. Each app consists of an nginx-webserver, a database and wordpress with fpm. (example docker-compose.yml below). Each app handles it's ssl on it's own and I have confirmed, that it works.

The next step in my masterplan is to use an nginx reverse proxy to have all app containers up at the same time without the need to use different ports on the host.

As I understand jwilder/nginx-proxy is the best tool for the job. So I was thinking - and please correct me if that is not best practice - that I could create a compose.yml file for the nginx-proxy that could run all the time and that would expose ports 80 and 443 to the host while automatically generating the nginx-configs for every container I' spin up afterwards.

version: '3.6'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx_proxy
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro

networks:
  default:
    external:
      name: nginx-proxy

I tried that with an nginx-proxy which exposed port 80 to the host and a wordpress app setup in its own docker-compose.yml file using the mariadb:latest and wordpress:latest images. That did indeed work simply by adding the expose: \ -80 and the VIRTUAL_HOST environment variable.

But I don't quite get how to use the reverse proxy in front of my aforementioned wordpress apps. The documentation states this:

SSL Backends

If you would like the reverse proxy to connect to your backend using HTTPS instead of HTTP, set VIRTUAL_PROTO=https on the backend container.

Note: If you use VIRTUAL_PROTO=https and your backend container exposes port 80 and 443, nginx-proxy will use HTTPS on port 80. This is almost certainly not what you want, so you should also include VIRTUAL_PORT=443.

so I tried adding these environment variables to the app's docker-compose.yml file. Specifically on the nginx service inside and added exposed ports 80 and 443.

version: '3.6'
services:

  wordpress:
    image: wordpress:4.7.2-php7.1-fpm
    volumes:
      - ../public:/var/www/html
    environment:
      - WORDPRESS_DB_NAME=${WORDPRESS_DB_NAME:-wordpress}
      - WORDPRESS_TABLE_PREFIX=${WORDPRESS_TABLE_PREFIX:-wp_}
      - WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST:-mysql}
      - WORDPRESS_DB_USER=${WORDPRESS_DB_USER:-root}
      - WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD:-password}
    depends_on:
      - db
    restart: always

  db:
    image: mariadb:${MARIADB_VERSION:-latest}
    volumes:
      - tss-data:/var/lib/mysql
      # - ./db:/docker-entrypoint-initdb.d/
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}
      - MYSQL_USER=${MYSQL_USER:-root}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-password}
      - MYSQL_DATABASE=${MYSQL_DATABASE:-wordpress}
    restart: always

  nginx:
    image: nginx:${NGINX_VERSION:-latest}
    container_name: nginx
    volumes:
      - ${NGINX_CONF_DIR:-./nginx}:/etc/nginx/conf.d
      - ${NGINX_LOG_DIR:-./logs/nginx}:/var/log/nginx
      - ${WORDPRESS_DATA_DIR:-./wordpress}:/var/www/html
      - ${SSL_CERTS_DIR:-./certs}:/etc/letsencrypt
      - ${SSL_CERTS_DATA_DIR:-./certs-data}:/data/letsencrypt
    environment:
      - VIRTUAL_HOST:local.my-app.com
      - VIRTUAL_PROTO:https
      - VIRTUAL_PORT:443
    expose:
      - 80
      - 443
    depends_on:
      - wordpress
    restart: always

volumes:
  tss-data:

networks:
  default:
    external:
      name: nginx-proxy

Alas, if I try to browse to local.my-app.com on port 80 I get 503 Service Temporarily Unavailable

If I try on port 443 the nginx reverse proxy does not respond at all. I feel like I am missing something fairly obvious but I can't seem to find it and I would really appreciate any thoughts on the matter.