server {
    listen 10.8.0.1:443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name cr.ins;

    ssl_certificate /etc/nginx/ssl/cr-ins.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem;

    location / {

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://10.8.0.1:3891;

        proxy_read_timeout 90;

        proxy_redirect http://10.8.0.1:3891 https://cr.ins;

    }
}