Why are the links are in Http and the domain is in Https with a nginx proxy

Question

I have just set up Laravel octane and its working as expected but all of the links are shown in http but the site is over HTTPS.

For example when trying to login. The user will be warned by the web browser.

This is what Firefox says:

The information entered will be transmitted in clear (without encryption). They can therefore possibly be intercepted and read during their routing.

The config for nginx taken from laravel's website and added ssl cert.

My question is: How can i serve everything over only Https ?

Link to the config: this

My nignx config :

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name  mysite.com;
    server_tokens off;
    root /var/www/site/public;

    index index.php;

    charset utf-8;

    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        try_files $uri $uri/ @octane;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mysite.com-error.log error;

    #error_page 404 /index.php;

    location @octane {
        set $suffix "";

        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_pass http://127.0.0.1:900$suffix;
    }


    listen [::]:443 ssl ipv6only=on http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = mysite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name _;
    return 444; # managed by Certbot 


}}