server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name loc.sh;

    ssl_certificate /etc/letsencrypt/live/loc.sh-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot

    location / {

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://localhost:3890;

        proxy_read_timeout 90;

        proxy_redirect http://localhost:3890 https://loc.sh;

    }

}