> I added:
> proxy_set_header X-Forwarded-Ssl on;

I think if nginx is used as main back-end (without Apache), this header means nothing.

In this case just refer this guide: https://scotthelme.co.uk/setting-up-hsts-in-nginx/

If I'm not right, and there is also Apache server, follow:
http://stackoverflow.com/questions/16042647/whats-the-de-facto-standard-for-a-reverse-proxy-to-tell-the-backend-ssl-is-used

С наилучшими пожеланиями,

Яницкий Вадим.