In our production configuration, we did not configure the configuration of 80 mandatory jump 443
configuration as follows

server {
  listen 80 default_server;
  listen 443 ssl;
  server_name domain;
  server_name_in_redirect off;
  ssl_certificate /etc/nginx/ssl/full_chain_rsa.crt;
  ssl_certificate_key /etc/nginx/ssl/证书.key;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

There is also a forced jump to do

server {
    listen 80;
    server_name www.domain.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent; 
}
server {
    listen 443;
    server_name www.domain.com;
    root /home/wwwroot;
    ssl on;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ....
}