If you want to go the ‘external route’, here's the Docker Compose config to use Caddy as a reverse proxy:
https://gitlab.com/clovis-ai/formulaide/-/blob/main/docker/docker-compose.prod.yml#L20
The idea is that incoming HTTPS traffic is sent to Caddy, which decodes it and transmits it to Ktor as HTTP. I like this approach because it is much easier to setup and maintain (Caddy refreshes certificates automatically), however it means that internal traffic is unencrypted.