I tried to research that and think this is a Discourse bug.
Enabling use https
should cause Discourse to only use HTTPS URLs, but neither the Github authenticator, the Google authenticator nor their superclass inspect this site setting. Omniauth tries to detect SSL like this:
Adding
proxy_set_header X-Forwarded-Proto $scheme;
to the nginx configuration might work around that, but I’m not sure this is passed on by Discourse’s internal nginx and cannot test that right now.
I do know that SSO is not affected.