NGINX Reverse Proxy, Part Two

Coming back to this today. I was thinking that I should not have to have the proxy go back out to the internet and through an extra open port. I need to fix this. I made the following change to the config file:

server {
    listen 443;
    server_name monica.domain.com;
    location / {
        proxy_set_header Host $host;
        proxy_pass https://monica.domain.local;
        proxy_redirect off;
    }
}

This redirects my requests to Monica over HTTPS but still don't have the certificate working. It looks like this is supposed to be solved by updating the config file to:

server {
    listen 443;
    server_name monica.domain.com;
    location / {
        proxy_set_header Host $host;
        proxy_pass https://monica.domain.local;
        proxy_redirect off;
        proxy_set_header X-SSL_Cert $ssl_client_escaped_cert;
    }
}

Regretfully this did not work. I found a number of other solutions online that all failed. The last answer I had found recommended is to specify the location of the ssl_certificate and ssl_certificate_key. But I'm confused as to where that location is supposed to be. Is it the NGINX proxy or the final destination? I'll have to play with it tomorrow and figure it out.