Nginx only allows you to do a layer 4 passhthrough, which means all your clients will need to trust the TLS certificate of the RDS database. Furthermore, the nginx proxy will have a different hostname to your RDS database, so certificate validation will fail. So if you care about connecting securely, you should have TLS termination in NGINX. The problem is Nginx cannot do the handshake for Postgres.
So what should you do? You asked for a better alternative, so here's a gift from us :) A proxy specifically built to address this, which is now open source, and available as a Docker image.
Yeah Postgres has its own wrapper around TLS. We had to solve this exact issue, and we open sourced the solution, because nothing else could do it (eg nginx)