server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name loc.sh;

    ssl_certificate /etc/letsencrypt/live/loc.sh-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:3890;
    }

}