Reverse proxy and https connection

Now I am implementing a server and install several applications, plone, gitlab, and so on.
However, network security section in my institute permits me to open only 443 (https) ports.
Then, I implement reverse proxy by using nginx.
When the URL is include "plone" like "https://mydomain/plone", the packets are transferred to "http://localhost:8092/plone".
(As the same manner, the gitlab is also transferred to 8084 ports like "https://mydomain/gitlab" -> "http://localhost:8084")
But the plone web page shows "Mixed content blocking in Firefox" and figures and icons do not appear.
Please let me know how I can solve it.

In the local machine, I can see the plone page correctly to fill "http://localhost:8092/plone" in URL.
My configuration of nginx is

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

server_name  localhost;
ignore_invalid_headers off;

ssl_certificate "/etc/pki/tls/certs/mydomain.pem";
ssl_certificate_key "/etc/pki/tls/certs/mydomain.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location ^~ /gitlab {
    proxy_pass http://127.0.0.1:8084;
}

location ^~ /plone {
    proxy_pass http://127.0.0.1:8092/;
}

}

Improper proxy_pass rewrite rule. See docs

https://docs.plone.org/manage/deploying/front-end/nginx.html#minimal-nginx-front-end-configuration-for-plone-on-ubuntu-debian-linux

Thank you for your reply.
Certainly, my proxy_pass is wrong.
Thus, the http links and https links are mixed in the plone pages.

I solve this problem as following,
/etc/nginx/conf.d/default.conf
location ^~ /plone {
sub_filter_once off;
sub_filter 'http://mydomain' 'https://mydomain';
proxy_pass http://127.0.0.1:8092/plone;
}

Thanks again.

Your links are likely mixed because of the improper rewrite rule...don't blame Plone for a misconfigured reverse proxy.

you're missing the Virtual Host Monster configuration; something like this should work:

proxy_pass http://127.0.0.1:8092/VirtualHostBase/https/mydomain:443/;

also, don't forget to disable TLS 1.0 (and maybe TLS 1.1), and add the HSTS header:

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;