The SSL is setup with the nginx service inside the container. If the container is exposed to the internet and you access it directly from the browser (default discourse installation), you will have SSL.
But if you put a reverse proxy in front of it (be it Apache, Nginx, or some 3rd party service, like Cloudflare), you will have to ensure that the connection between the browser and the reverse proxy is secure.
So, in your case, you will have to generate certificates for the nginx reverse proxy (I don’t think you need to add the SSL templates from discourse because the container is not exposed directly to the internet; you can, but don’t need).
You can take a look in how to do that using Let’s Encrypt (free, the same that is used in the default installation of Discourse, but in this case for the nginx outside the container).
TL;DR The nginx that acts as a reverse proxy needs SSL. The nginx that is inside the container doesn’t need SSL (assuming you are accessing from the same machine).