Score:1

NGINX Reverse Proxy redirecting HTTPS to HTTP

I'm setting up a reverse proxy with nginx and I need it to work as follows:

[Diagram: reverse proxy structure]

The client will access my URL (cron.mocxmonitoramento.com.br) and it will fall into my reverse proxy. With this, my proxy must direct the connection to servers 1 or 2 or 3 as required. This configuration works correctly when we make the HTTP access; however, when the HTTPS connection is made, the redirect does not work correctly.

Servers 1, 2 and 3 run a Laravel 7 application. All servers have nginx installed and configured.

Here are the configurations of servers 1, 2 and 3. (They are identical):

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    access_log /home/ubuntu/mocxmonitoramento.com.br/logs/access.log;
    error_log /home/ubuntu/mocxmonitoramento.com.br/logs/error.log;

    root /home/ubuntu/mocxmonitoramento.com.br/public/public/;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
```

Here are the configurations of Reverse Proxy:

```nginx
upstream cron {
    server 10.0.1.30;
    server 10.0.1.31;
    server 10.0.1.32;
}

server {
    listen 443 ssl;

    server_name cron.mocxmonitoramento.com.br www.cron.mocxmonitoramento.com.br;

    ssl_certificate /etc/letsencrypt/live/cron.mocxmonitoramento.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cron.mocxmonitoramento.com.br/privkey.pem;

    error_page 502 /502.html;
    location = /502.html {
        root /usr/local/nginx/html;
        internal;
    }

    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_pass http://cron;
        proxy_redirect default;
        proxy_redirect / $scheme://$http_host/xcharge/;

        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location = /xcharge {
        return 301 $scheme://$http_host$uri/$is_args$args;
    }
}

server {
    listen 80;

    server_name cron.mocxmonitoramento.com.br www.cron.mocxmonitoramento.com.br;

    error_page 502 /502.html;
    location = /502.html {
        root /usr/local/nginx/html;
        internal;
    }

    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_pass http://cron;
        proxy_redirect default;
        proxy_redirect / $scheme://$http_host/xcharge/;

        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location = /xcharge {
        return 301 $scheme://$http_host$uri/$is_args$args;
    }
}
```

As you can see, in the nginx configuration file of servers 1, 2 and 3 they listen only to port 80 and do not have an SSL certificate. The Reverse Proxy, on the other hand, listens to both port 80 and port 443 and it has the certificate installed normally (I use certbot).

Access via port 80 works normally, however when I access https I get the following error in the browser:

browser error: This request has been blocked; the content must be served over HTTPS.

That is, the browser made an HTTPS connection, but the Laravel application is trying to fetch data over a non-secure connection (HTTP) and the browser blocks its loading. I did several searches on the internet to find a solution to this issue but was not able to find anything that would help me. I would like to know if anyone has already put something in this direction that could help me.

My nginx installation is not a standard installation; I did it by compiling the nginx code and installing the Nginx Sticky Module open lib.

I installed it as follows:

```bash
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get install libpcre3 libpcre3-dev -y
sudo apt install build-essential checkinstall zlib1g-dev -y

# CertBot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot -y
sudo ufw allow 80
sudo certbot certonly --standalone --preferred-challenges http -d {URL}
sudo certbot renew --dry-run

# GitHub repository of the Sticky module
# https://github.com/Refinitiv/nginx-sticky-module-ng
git clone https://github.com/Refinitiv/nginx-sticky-module-ng.git
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
tar -xf openssl-1.1.1k.tar.gz

# Installing nginx with the sticky module
# Go to the download page and look for Nginx version 1.22.1.
# http://nginx.org/en/download.html
wget http://nginx.org/download/nginx-1.22.1.tar.gz
tar -xvzf nginx-1.22.1.tar.gz
cd nginx-1.22.1
./configure --with-http_ssl_module --add-module=/home/ubuntu/nginx-sticky-module-ng --with-openssl=/home/ubuntu/openssl-1.1.1k
make
sudo make install
```

After that, there is some basic configuration of the nginx files and directories, because it ends up being installed in /usr/local/nginx on Ubuntu 20.04.

Anyway, I would like to know if anyone has gone through this and if they could help me. Thank you all.

Jaromanda X
Reading the error, it looks like servers 1, 2 and 3 are sending HTML with `http://` URLs for a stylesheet (at least). Do you have `http://server/path/resource` hardcoded anywhere in the web pages served by those servers? You should use just `/path/resource` or maybe `//server/path./resource/`, depending on your requirements.
Score:1

Most likely you need to set Laravel root URL properly to have the https URL there.
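
One way to apply this in Laravel 7, as an added example that is not part of the original thread. It assumes `APP_URL=https://cron.mocxmonitoramento.com.br` is set in each backend's `.env`; `forceRootUrl()` on its own keeps the scheme of the incoming request (plain HTTP from the proxy), so the scheme is forced as well.

```php
<?php
// app/Providers/AppServiceProvider.php (added example, not the poster's code)

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        //
    }

    public function boot()
    {
        // Assumption: APP_URL in .env holds the public HTTPS address served
        // by the reverse proxy, e.g. https://cron.mocxmonitoramento.com.br
        $root = config('app.url');

        if (parse_url($root, PHP_URL_SCHEME) === 'https') {
            // Pin the host part of every generated URL (url(), asset(),
            // route()) to APP_URL instead of the Host header of the request.
            URL::forceRootUrl($root);

            // The URL generator swaps the scheme of the forced root for the
            // scheme of the current request. The proxy talks to the backends
            // over port 80, so without this call the links would still be
            // emitted as http:// and blocked as mixed content.
            URL::forceScheme('https');
        }
    }
}
```

Because the generated URLs come from configuration, the backends do not have to trust `X-Forwarded-*` headers, which matters here since they accept plain HTTP on port 80.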
