How to set up HTTPS for Rasa chatbot?

I have a chatbots (5 pcs) running on testbed cloud server. They all work perfectly in HTTP mode but no I need to change to HTTPS mode and there the problem started. I can get HTTPS working easily but then the chatbot widget doesn't work any more.

My environment:
Chatbot engine: Rasa 2.2 in docker 20.10.6 container
Chatbot widget: Botfront webchat 0.11.12
Web server: Nginx 1.14.0
Server: Ubuntu 18.04

I don't know even what is right way and after banging my head for a week and trying different ways, now I suppose I need to set up Nginx reverse proxy. I think that the problem is websocket between rasa and webchat.

This is how I start one chatbot

docker run --name=sakky --user 1003 -v $(pwd):/app -p "5006:5005" rasa/rasa:2.2.0-full run -m models --enable-api --cors "*" --debug

Here are my config filesIndex html

<!doctype html><html><head><meta charset="UTF-8"><script src="https://cdn.jsdelivr.net/npm/rasa-webchat@0.11.12/lib/index.min.js"></script><link rel="stylesheet" type="text/css" href="style.css"></head><body>testi sakky<div id="webchat"></div><script>  WebChat.default.init({    selector: "#webchat",    initPayload: "/tervetuloa",    customData: {"language": "fi"}, // arbitrary custom data. Stay minimal as this will be added to the socket    socketUrl: "http://sakkybotti1.omnia.fi:5006",    socketPath: "/socket.io/",    embedded: false,    title: "Sakky bot",    subtitle: "Lisätietoja hakemisesta ja opiskelusta",    inputTextFieldHint: "Kirjoita kysymys tähän",    profileAvatar: "robot_icon.png",    params: {"storage": "session"} // can be set to "local"  or "session". details in storage section.  })</script></body></html>

and here Nginx config file, you can see that I have tried many solution candidates

#upstream rasa server {#    server sakky:5006;#}server {        listen 443 ssl;        #listen [::]:443;        #listen 444;        #root /var/www/html/sakkyhttps;        #index index.html index.htm index.nginx-debian.html;        server_name sakkybotti1.omnia.fi;        #return 301 https//:$host$request_uri;        location / {                #try_files $uri $uri/ =404;                #proxy_pass http://sakkybotti1.omnia.fi;                #proxy_set_header Host $host;                root /var/www/html/sakkyhttps;                index index.html;                proxy_redirect https://sakkybotti1.omnia.fi http://sakkybotti1.omnia.fi;                #proxy_redirect https://sakkybotti1.omnia.fi:5006/socket.io/ http://sakkybotti1.omnia.fi/;                #proxy_pass http://sakkybotti1.omnia.fi/;                #proxy_pass https://sakkybotti1.omnia.fi:5006/socket.io/ http://sakkybotti1.omnia.fi/;                #proxy_pass http://sakkybotti1.omnia.fi;                #proxy_http_version 1.1;                #proxy_set_header Connection "upgrade";                 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                 #proxy_set_header Host $host;                 #proxy_pass http://sakkybotti1.omnia.fi;                 #proxy_http_version 1.1;                 #proxy_set_header Upgrade $http_upgrade;                 #proxy_set_header Connection "upgrade";        }   # listen [::]:443 ssl ipv6only=on; # managed by Certbot    #listen 443 ssl; # managed by Certbot    ssl_certificate /etc/letsencrypt/live/sakkybotti1.omnia.fi/fullchain.pem; # managed by Certbot    ssl_certificate_key /etc/letsencrypt/live/sakkybotti1.omnia.fi/privkey.pem; # managed by Certbot    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot}#server {#    if ($host = sakkybotti1.omnnia.fi:444) {#        return 301 https://$host$request_uri;#    } # managed by Certbot  #listen 444 default_server;  #listen 444  #listen [::]:80 default_server;#  server_name sakkybotti1.omnia.fi;#    return 404; # managed by Certbot#}