Nginx does not understand the PostgreSQL handshake. So all you can do is a traffic passthrough, which is insecure because it does not allow your clients to properly verify who they're connecting to.
We had to solve this exact problem, and we open sourced the solution,