Adding "port_in_redirect off;" which fixes the problem caused when your router is forwarding from a different port. This stops nginx from adding the port back in which is needed in a couple cases.

auth-basic.conf

auth_basic              "Restricted";
auth_basic_user_file    /usr/local/etc/nginx/htpasswd;

index.html

<html>
	<head>
		<title>My NGINX Proxies</title>
	</head>
	<body>
		<h1>
			Welcome to my stuff</h1>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sickbeard">/sickbeard</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/sabnzbd">/sabnzbd</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/couchpotato">/couchpotato</a></p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			&nbsp;</p>
		<p style="margin: 0px; font-size: 11px; font-family: Menlo;">
			<a href="/transmission">/transmission</a></p>
	</body>
</html>

proxy-control.conf

proxy_connect_timeout   59s;
proxy_send_timeout      600;
proxy_read_timeout      600;
proxy_buffer_size       64k;
proxy_buffers           16 32k;
proxy_pass_header       Set-Cookie;
proxy_hide_header       Vary;

proxy_busy_buffers_size         64k;
proxy_temp_file_write_size      64k;

proxy_set_header        Accept-Encoding         '';
proxy_ignore_headers    Cache-Control           Expires;
proxy_set_header        Referer                 $http_referer;
proxy_set_header        Host                    $host;
proxy_set_header        Cookie                  $http_cookie;
proxy_set_header        X-Real-IP               $remote_addr;
proxy_set_header        X-Forwarded-Host        $host;
proxy_set_header        X-Forwarded-Server      $host;
proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
#proxy_set_header       X-Forwarded-For         $remote_addr;

proxy_set_header        X-Forwarded-Port        '443';
proxy_set_header        X-Forwarded-Ssl         on;
proxy_set_header        X-Forwarded-Proto       https;
proxy_set_header        Authorization           '';

#proxy_buffering        off;

#proxy_redirect        off;
#proxy_redirect        default;
proxy_redirect         http://example.net/ /;
proxy_redirect         https://example.net/ /;
#proxy_redirect        http://$host/ /;
#proxy_redirect        http:// https://;

#more_clear_headers    'referer';
#RequestHeader unset   referer
#proxy_hide_header     referer;
#proxy_ignore_headers  referer;

services.conf

location /sickbeard {
        proxy_pass        http://localhost:8081/sickbeard;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:8081;
        proxy_redirect    default;
        port_in_redirect  off;
}
#Change web_root in config.ini to /sickbeard (Sickbeard should be stopped while editing file), also for post processing add web_root to autoProcessTV.cfg
#web_root = /sickbeard
 
location /sabnzbd {
        proxy_pass        http://localhost:8082/sabnzbd;
        include           proxy-control.conf;
        include           auth-basic.conf;
	proxy_set_header  Host localhost:8082;
        proxy_redirect    default;
        port_in_redirect  off;
}
 
location /couchpotato {
        proxy_pass        http://localhost:5050/couchpotato;
        include           proxy-control.conf;
        include           auth-basic.conf;
        proxy_set_header  Host localhost:5050;
        proxy_redirect    default;
#See http://couchpotato.tenderapp.com/kb/tips/reverse-proxy
#URL base needs to be adjusted and make sure couchpotato is restarted once the change is in place

}

location /transmission {
        proxy_pass        http://localhost:9091/transmission;
        include           proxy-control.conf;
        include           auth-basic.conf;
}

location /headphones {
        proxy_pass        http://localhost:8181/headphones;
        include           proxy-control.conf;
        include           auth-basic.conf;
}
#You will need to make sure headphones is not running, and then modify its config.ini file in order to set:
#http_root = /headphones

site-available.conf

server {
        listen 443;

        include ssl.conf;
        include services.conf;
}

ssl.conf

ssl on;
ssl_certificate /usr/local/etc/ssl/server.cer;
ssl_certificate_key /usr/local/etc/ssl/server.key;

#ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SH$
ssl_prefer_server_ciphers on;

Thanks for the comments regarding changing the base URLs, I couldn't figure that part out for some reason

This really helped me get everything running behind nginx, thanks!

Awesome stuff mate, going through customizing it for my own setup. Few questions though - do all the services need / benefit from proxy_set_header / port_in_redirect = off? I noticed that not all the apps have it in their nginx redirect section.

Also what does the auth-basic.conf do? Do I need to create a htpsswd file with credentials in it or something?

Sorry I haven't checked this in ages so I didn't see all these comments. The auth-basic.conf does read login credentials from htpasswd generated file. That is so I can protect the pages it links to as I make my site open to the internet.

The proxy header settings were added on a per app basis, as they work in different ways. Having it show up as port 80 can change the URLs and depending on the application it may not work properly. I guess this is months after you posted so you probably have figured it out already.