You're right that using "proxy_set_header X_FORWARDED_PROTO https;" is all that's needed to tell Rails that the request is secure. Your back-end server configs are what I used. The reason for listening on multiple ports is that the back-end nginx does not pass the X_FORWARDED_PROTO header (from the front-end nginx) through to Rails.<br>
<div><br></div><div>I'm not quite clear on which part isn't necessary, though. Your example config is essentially what I'm using now.</div><div><br></div><div>Thanks,</div><div>Nick</div>