https is a secure connection achieved with a certificate (click the padlock in your browser while on the forums here and you will see Balena’s certificate allowing your secure connection). They are gained by using things like Let’s Encrypt (can Google it) to generate a certificate that can be validated. The validation tends to depend on internet access and re-generating the certificate every 90 days (unless you pay for it). For this reason, https on a device like a Balena IoT device is probably not what you are looking for. Especially as you are likely using it locally and not over the internet, so the benefits aren’t really there.
The cross origin issue is likely a security policy on NGINX and/or your app, which stops you working across domains (i.e. http://one.local to http://two.local). If the two paths are on the same domain (I.e. http://one.local/one and https://one.local/two) it will probably go through. Otherwise, try Googling how to disable CORS.
Hard to add much more without knowing more details on the setup.
This isn’t really a Balena related issue or question. Doesn’t mean it can’t be posted here necessarily, but probably explains the radio silence from the Balena team, it’s more a community question.
Looking at it again I see the Balena URL you are referring to, so maybe a lot of the above isn’t valid. Hopefully of some help though, worth exploring the CORS. I don’t see any reason why that wouldn’t work using a reverse proxy as you are. Also take a look at the server name and try making it a catch all rather than localhost, so it knows it is listening on the web address specified: Server names
If still struggling would be helpful to see the docker-compose files and NGINX files.