The best way to fix this is with the backend application. (Without knowing anything about the backend app, I'll try to give a general answer.)
Here are 2 options:
Configure or modify the backend web application to use "https" when building links instead of detecting the protocol actually used.
(better option) Configure or modify the backend web application to use the X-Forwarded-Proto header when building links. This header would be set in the nginx proxy like so: proxy_set_header X-Forwarded-Proto $scheme;
Some installations, such as the Ubuntu packages, provide this in the proxy_params
snippet and can be included like so: 'include proxy_params'.
Both of these options require the backend web app to support this specifically or you to be able to modify them to.
If the backend web application is building links based on the protocol used to contact it, like $_SERVER['SERVER_PROTOCOL']
for php, then there is no way to change that with the nginx proxy alone.