And, perhaps confusingly, force_ssl doesn't require your rails app server to be running over https. It is happy as long as the x-forwarded-proto header is set to https by your proxy.
The problem with configuring nginx or whatever to do the things rails does for you is you are coupling your app nginx. If you ever want to move it to some other tls terminator you need to remember to port all that configuration over.
If you can. The new server might not support all that, and then you need to move it to rails anyway. But if you know you'll be on nginx forever it is fine.