In my case of such config I was able to force perl application to build links inside with https. If your links don't have any scheme, then user's browser will use existing one.
Also, you should avoid rewrites with schemes on nginx side.
i.e. rewrite ^ http://example.com/ permanent; should be avoided, because it enforces to use http.
but you could also (and should) redirect to https instead?