So, my setup is like
Nginx (very brief):

listen 80;
server_name x.y.z;
return 301 https://x.y.z;

listen 443 ssl;
location / {
auth_basic "By Invitation Only";
auth_basic_user_file secrets/passwords;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

so http://x.y.z -> https://x.y.z -> popup for user/pass -> proxy to no ssl on the internal proxy

E.g. Radarr configured without SSL with login page

nzb360 setup like

nzb360 crashes every time