This would force you to HTTPS on the lxc/LXD endpoint that you proxied to, correct? I prefer to just iptables 80/443 (guess I could proxy that part too instead of iptables) to an LXD HAProxy container, and then have HAProxy do the proxying and domain-based load-balancing/ACLs, coupled with the advantage of terminating SSL in one place (the HAProxy container) for all (sub)domains/services.
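
The layout described in the comment above, as an added HAProxy configuration that is not part of the original post: ports 80/443 arrive at the HAProxy container, TLS is terminated there, and requests are routed by Host header. The hostnames, container addresses, interface name and certificate directory are assumed placeholders.

```haproxy
# Constructed example; every name, address and path below is a placeholder.
# Host-side forwarding to the HAProxy container (here assumed at 10.0.3.10):
#   iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 \
#            -j DNAT --to-destination 10.0.3.10
global
    log /dev/log local0
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    mode http
    log global
    option httplog
    option forwardfor
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_http
    bind :80
    # Port 80 only redirects; no service is reachable in clear text from outside.
    http-request redirect scheme https code 301

frontend fe_https
    # Single TLS termination point: one directory of PEM files (cert + key)
    # covering all (sub)domains, selected by SNI.
    bind :443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    http-response set-header Strict-Transport-Security "max-age=31536000"
    # Overwrite any client-supplied value so backends can rely on this header.
    http-request set-header X-Forwarded-Proto https

    # Domain-based ACLs: one per service.
    acl host_app  hdr(host) -i app.example.com
    acl host_wiki hdr(host) -i wiki.example.com
    use_backend be_app  if host_app
    use_backend be_wiki if host_wiki
    # Unknown Host headers are denied instead of falling through to a service.
    default_backend be_reject

backend be_app
    balance roundrobin
    server app1 10.0.3.11:8080 check
    server app2 10.0.3.12:8080 check

backend be_wiki
    server wiki1 10.0.3.21:8080 check

backend be_reject
    http-request deny
```

With this layout the service containers receive plain HTTP over the LXD bridge, so they should listen only on the bridge address and accept connections only from the HAProxy container.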