Adding "port_in_redirect off;" which fixes the problem caused when your router is forwarding from a different port. This stops nginx from adding the port back in which is needed in a couple cases.

auth-basic.conf

auth_basic              "Restricted";
auth_basic_user_file    /usr/local/etc/nginx/htpasswd;

index.html

<html>
	<head>
		<title>My NGINX Proxies</title>
	</head>
	<body>
		<h1>
			Welcome to my stuff</h1>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sickbeard">/sickbeard</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sabnzbd">/sabnzbd</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/couchpotato">/couchpotato</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/transmission">/transmission</a></p>
	</body>
</html>

proxy-control.conf

proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;
proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
#proxy_set_header       X-Forwarded-For         $remote_addr;

proxy_set_header        X-Forwarded-Port        '443';
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;
proxy_set_header        Authorization           '';

#proxy_buffering        off;

#proxy_redirect        off;
#proxy_redirect        default;
proxy_redirect         http://example.net/ /;
proxy_redirect         https://example.net/ /;
#proxy_redirect        http://$host/ /;
#proxy_redirect        http:// https://;

#more_clear_headers    'referer';
#RequestHeader unset   referer
#proxy_hide_header     referer;
#proxy_ignore_headers  referer;

services.conf

location /sickbeard {
        proxy_pass        http://localhost:8081/sickbeard;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8081;
        proxy_redirect    default;
        port_in_redirect  off;
}
#Change web_root in config.ini to /sickbeard (Sickbeard should be stopped while editing file), also for post processing add web_root to autoProcessTV.cfg
#web_root = /sickbeard
 
location /sabnzbd {
        proxy_pass        http://localhost:8082/sabnzbd;
        include           proxy-control.conf;
        include           auth-basic.conf;
	proxy_set_header  Host localhost:8082;
        proxy_redirect    default;
        port_in_redirect  off;
}
 
location /couchpotato {
        proxy_pass        http://localhost:5050/couchpotato;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:5050;
        proxy_redirect    default;
#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy
#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place

}

location /transmission {
        proxy_pass        http://localhost:9091/transmission;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /headphones {
        proxy_pass        http://localhost:8181/headphones;
        include           proxy-control.conf;
        include           auth-basic.conf;
}
#You will need to make sure headphones is not running, and then modify its config.ini file in order to set:
#http_root = /headphones

site-available.conf

server {
        listen 443;

        include ssl.conf;
        include services.conf;
}

ssl.conf

ssl on;
ssl_certificate /usr/local/etc/ssl/server.cer;
ssl_certificate_key /usr/local/etc/ssl/server.key;

#ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$
ssl_prefer_server_ciphers on;

This really helped me get everything running behind nginx, thanks!

Awesome stuff mate, going through customizing it for my own setup. Few questions though - do all the services need / benefit from proxy_set_header / port_in_redirect = off? I noticed that not all the apps have it in their nginx redirect section.

Also what does the auth-basic.conf do? Do I need to create a htpsswd file with credentials in it or something?

Sorry I haven't checked this in ages so I didn't see all these comments. The auth-basic.conf does read login credentials from htpasswd generated file. That is so I can protect the pages it links to as I make my site open to the internet.

The proxy header settings were added on a per app basis, as they work in different ways. Having it show up as port 80 can change the URLs and depending on the application it may not work properly. I guess this is months after you posted so you probably have figured it out already.