I'm using mod_cluster to connect my Torquebox server to Apache 2, serving up a Rails application. Since SSL termination is occurring at the Apache level, all communication between Apache and Torquebox (AS 7.1) is done without SSL. Rails then thinks it's working over plain HTTP and alters it's behavior accordingly: any generated URLs will use the "http" scheme and it will not allow the creation of cookies with the "secure" attribute set. I don't know if other frameworks behave similarly, but I suspect some do.
As it turns out, setting the X_FORWARDED_PROTO header to "https" fixes the problem in Rails. It then knows that it's being served up over SSL. I've added it to my vhost, but it'd be nice if mod_cluster handled this out of the box. Unlike other proxy startegies, there's no clear way to tell mod_cluster to communicate over a secure channel to the AS instance. I think setting this header then is in keeping with the expected behavior.