I believe you need this additional line:
proxy_set_header Host $host;
After hitting the same error on a new server setup and scouring these posts I realized the doc actually covers this here: Operating the Server | SonarQube Docs and there is a post on handling this case on IIS here: SonarQube Users: Let's talk about IIS and SAML Authentication!
I thought X-Forwarded-Host would accomplish this, but it did not work for me. I needed to set the “Host” header.
In my case I also added:
proxy_set_header X-Forwarded-Proto https;
although I think your $scheme is covering this since your error msg shows https:// in both URLs already.
I hope this helps you (and/or someone else!)