Azure Active Directory Application Proxy

Hello,

we'd like to use Azure Active Directory Application Proxy to take advantage of Microsoft authentication services and to protect the access to our on-prem Sage X3 v11 from the Internet. Currently we login into X3 from our LAN as http://erp.domain.com:8124 and we succesfully created the app in Azure AD to allow us to connect to https://erp-comany.msappproxy.net (or also https://erp.domain.com, if we publish the third-level domain in the Internet). We are taken to Sage X3 login page, then we get the following error:

Mixed Content: The page at 'erp.domain.com/.../main.html was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'erp.domain.com:8124/.../$prototypes('userProfile.$edit')'. This request has been blocked; the content must be served over HTTPS.

Has anybody faced and solved this issue before? It looks to me that the full URL http://erp.domain.com:8124 is written into Sage X3 code. Since I can access the login page, it looks like Microsoft can properly reverse-proxy the URL, but then something inside Sage's code want to connect to the old, local URL (http and 8124).
Maybe setting up a local reverse proxy like NGINX for masking Sage X3 frontend server under port 443 and https, and then apply Azure AD Application Proxy to this local reverse proxy?

Thank you,
Luca