docs: explain how to use DNS-over-TLS with nginx/STunnel

Readme.md

@@ -67,10 +67,6 @@ docker run -d --name doh-server \
   satishweb/doh-server
 ```
 
-## Logging
-
-All log lines (by either doh-client or doh-server) are written into `stderr`; you can view them using your OS tool of choice (`journalctl` when using systemd).
-
 ## Server Configuration
 
 The following is a typical DNS-over-HTTPS architecture:
@@ -273,6 +269,24 @@ services:
 
 > IPV6 Support for Docker Compose based configuration TBA
 
+### Example configuration: DNS-over-TLS
+
+There is no native [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS) support but you can easily add it via nginx:
+```
+stream {
+    server {
+        listen                  *:853 ssl;
+        proxy_pass              ipofyourdnsresolver:port  #127.0.0.1:53
+    }
+
+    ssl_certificate /etc/letsencrypt/live/site.yourdomain/fullchain.pem; 
+    ssl_certificate_key /etc/letsencrypt/live/site.yourdomain/privkey.pem; 
+}
+```
+
+The DoT service can also be provided by running a [STunnel](https://www.stunnel.org/) instance to wrap dnsmasq (or any other resolver of your choice, listening on a TCP port);
+this approach does not need a stand-alone daemon to provide the DoT service.
+
 ## DNSSEC
 
 DNS-over-HTTPS is compatible with DNSSEC, and requests DNSSEC signatures by
@@ -319,10 +333,6 @@ Currently supported features are:
 - [X] EDNS0 large UDP packet (4 KiB by default)
 - [X] EDNS0-Client-Subnet (/24 for IPv4, /56 for IPv6 by default)
 
-## Known issues
-
-* it does not work well with [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy), you might want to use either (or fix the compatibility bugs by submitting PRs)
-
 ## The name of the project
 
 This project is named "DNS-over-HTTPS" because it was written before the IETF DoH project. Although this project is compatible with IETF DoH, the project is not affiliated with IETF.