Queries in NGINX proxy features

We are designing a deployment were NGINX front ends all incoming https
connection and then forwards it to multiple web containers like
Tomcat and Node.js which listen on internal ports on

I have some questions here

  1. Is it possible to route Outbound connection through NGINX as well.
    I.e for requests outbound from Tomcat/Node.js, can the requests be
    forwarded to an internal nginx port first over HTTP and then Nginx will
    proxy them to the destination over HTTPS?
  2. Are there any high to medium severity known threats for having an
    HTTP connection between nginx and the other web containers listening on
    local ports on the same machine instead of using HTTPS.Is is there any
    other alternative?
  3. What is the best way to allow access from a list of know IP
    addresses at the NGINX layer. That is a White list of Ips. Would it be
    by using mod_security or the ngx_http_access_module. Is the one better
    over the other?


One of the things that I did was to use unix sockets to the backend.