Joplin beta server nginx http docker portainer - move to https

Hi guy's,

I got a mini server using Proxmox where I host an Ubuntu machine. On this one I got some dockers, I manage them using Portainer.
On the Ubuntu machine there on the same IP the Joplin server, NGINX Comunity and Portainer.
The Joplin server was deployed using a stack. This one:
version: '3'

services:
    db:
        image: postgres:16
        volumes:
              - ./data/postgres:/var/lib/postgresql/data
        ports:
            - "5431:5432"
        restart: unless-stopped
        environment:
            - POSTGRES_PASSWORD=[pass]
            - POSTGRES_USER=[jop_user]
            - POSTGRES_DB=[jop_DB]
    app:
        image: joplin/server:latest
        depends_on:
            - db
        ports:
            - "22300:22300"
        restart: unless-stopped
        environment:
            - APP_PORT=22300
            - APP_BASE_URL=http://[local_IP]:22300
            - DB_CLIENT=pg
            - POSTGRES_PASSWORD=[my_pass]
            - POSTGRES_DATABASE=[jop_name]
            - POSTGRES_USER=[jop_user]
            - POSTGRES_PORT=[jop_port]
            - POSTGRES_HOST=db

On my NGINX I got this conf:map

$scheme $hsts_header {
https   "max-age=63072000; preload";
}
server {
  set $forward_scheme https;
  set $server         "[local_IP]";
  set $port           22300;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

  server_name joplin.[my_choice].duckdns.org;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;

# Asset Caching
  include conf.d/include/assets.conf;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

    # Force SSL
    include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

  access_log /data/logs/proxy-host-5_access.log proxy;
  error_log /data/logs/proxy-host-5_error.log warn;

  location / {

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

What I want:

  1. I want to be able to use Joplin via https using duckdns link. The duckdns link point's to the [local_IP]. I want this from LAN only because I access this after connecting to VPN only. - This is the first step and the basic requirement for this post.
  2. I want TLS as well.
  3. On the Android phones I want to set notifications (pop-up) in case of a note got update - I did not dig to much on this, may be simple, but a simple instruction is welcomed.

Note:
a. when i try to reach the joplin.my_choice.duckdns.org i got the 504 Gateway timeout.
b. the nginx network was added on the joplin container as well, if relevant, did not helped. The same for the joplin network to nginx container.
c. on duckdns, i have set the local_IP to be the one for the joplin.[my_choice].duckdns.org domain.
d. other containers, Portainer including, other machines like my NAS, do use the https connection and the let's encrypt certificates when the browser is pointed to the duckdns subdomain set on the nginx, only Joplin does not.

Thx for help to whoever will respond. I am new to the docker/nginx setup and I did not manage by myself reading other post's. I can mention that at this moment this setup is working fine for http only.