You have the Graylog Webinterface and API configured to run with https. Now you need to configure the collector-sidecar to use this https URL ( because the rest_listen_uri is only reachable via https ).
The Input that you have running in Graylog and use as a log target in NXLOG is independent - you can run that with TLS or without.