If you want to enable HSTS on your nginx webserver, this is how you do it:
add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";
You need to put this only on the https server, *not *on the http only server - it wont work on http only.