The web server hosts 4 domains and seven separate web sites, so universal SSL termination is done by HAProxy so I can keep the layers separated and provide caching even to SSL content.
The stack is HAProxy -> Varnish (cache) -> nginx reverse proxy -> Discourse.
Worth noting that I had no issues setting up the first Discourse forum under this same configuration.
Edited to add - client connections are over https, but I’m proxying from nginx to the docker container’s HTTP port, not HTTPS (again, doing what works for the first Discourse instance). I can try changing that to the HTTPS port to see what happens, though, if that’ll help.
edit^2 - no, that didn’t help.