/etc/gps.conf is a symlink to /vendor/etc/gps.conf, so both are fine. A reboot is not needed as the configuration is picked up by geoclue-hybris whenever GPS is enabled. But the settings are only passed to the Android subsystem, if you allow online access for the location services in /etc/location/location.conf.
If you set SUPL_HOST to a server reachable from the internet, you can run a TLS server on port 7275 and will see incoming requests as soon as you enable GPS on the phone. But even though I provide a proper certificate chain, the handshake never succeeded. Probably the CA cert is not available in the SoC.
Here is a snippet from my gps.conf:
NTP_SERVER=europe.pool.ntp.org
DEBUG_LEVEL = 2
INTERMEDIATE_POS=1
CAPABILITIES=0x37
SUPL_HOST=supl.google.com
SUPL_PORT=7275
SUPL_MODE=1
SUPL_ES=1
SUPL_VER=0x10000
LPP_PROFILE=2