redirecionamento NGINX HTTPS funciona parcialmente

Eu tento redirecionar todo o meu tráfego em https. Eu uso AWS, passageiro + NGINX.

Até agora, com o meu smartphone (android), a última versão do Chrome: link redireciona para https ...

em casa no meu computador última versão chrome reddirect também. Mas em outros computadores, não redireciona.

É claro que em todos os lugares o link funciona quando acessado de maneira direta.

aqui está o meu conf:

#user  adrien;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
  passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.0.30;
  passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1/wrappers/ruby;

  server_tokens off;
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

  ssl_session_cache shared:ssl_session_cache:10m;

  server {
    listen      80 default_server;
    server_name xeralis.eu www.xeralis.eu;
    return      301 https://$host$request_uri;
  }

  server {
    listen 443;
    server_name xeralis.eu www.xeralis.eu;

    ssl on;
    ssl_session_timeout 5m;
    ssl_certificate /etc/ssl/nginx.crt;
    ssl_certificate_key /etc/ssl/nginx.key;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/ssl/dhparams.pem;

    resolver 8.8.8.8;
    # Rails add its own headers with force_ssl: true
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    passenger_enabled on;
    passenger_friendly_error_pages on;
    rails_env development;
        root   /home/ubuntu/www/rails/mercipublic/public;

    location /cable {
        passenger_app_group_name gorails_websocket;
        passenger_force_max_concurrent_requests_per_process 0;
    }

    location ~* ^/assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
      root html;
    }

    keepalive_timeout 10;
    }
}

Este conf me dá uma marca de 'A' nos laboratórios SSL. o que eu poderia fazer para fazer o meu site funcionar de qualquer lugar, sempre redirecionando o HTTP para HTTPS

** Editar cabeçalhos em resposta a http **

Demonstration:
Warning: Setting custom HTTP method to HEAD with -X/--request may not work the Warning: way you want.
Consider using -I/--head instead.
curl: (7) Failed to connect to xeralis.eu port 80: Connection refused

with -I:
Failed to connect to xeralis.eu port 80: Connection refused

** Editar cabeçalhos em resposta a https **

Warning: Setting custom HTTP method to HEAD with -X/--request may not
work the Warning: way you want. Consider using -I/--head instead.
HTTP/1.1 200
OK Date: Tue, 28 Feb 2017 22:36:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11339 Connection: keep-alive
Set-Cookie: AWSALB=1AbTZpK/eslWt+5VDBK1wqKygcY30U73T36e8987HvJVTR2iE4jqD2W51m+pwEvvzd+Y9wazTTG1rrh2T0BNsNE+TDB9mD5Bl1EADEFWL9hxlHQsqOuQ6/p6qXjy; Expires=Tue, 07 Mar 2017 22:36:59 GMT; Path=/
Status: 200 OK
Cache-Control: max-age=0, private, must-revalidate
ETag: W/"4b9c4360372ca37d2116059c2018043b"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Runtime: 0.081279
X-Request-Id: 288d1d28-b6ae-420f-9c87-9e016873c900 Set-Cookie: _mercipublic_session=aEdtcW9NRFlQSytSL1VFTmFoVlNHd0RCUXk1ZzFCaFo3ak5RUGQ0SmRocC9MVmxmd0VnNWxZem5sUDlySTUxVDlDVGFIZTRBbVFwRGwvOXpSNmhReTh6Z2d4MkpVQWhVL2Z6bGJ3UWt3U3BqRXNsMjZSUnNXOW55OEtOTk9GUzdzbERnSWJXR3c2Y2F1dUF2RmRNWlhBPT0tLWUyYWl5aWlsT3lUS2s2YXkya0JJNVE9PQ%3D%3D--e896f790c978b429d6644055f2e8c827d07657c2; path=/; HttpOnly
X-Powered-By: Phusion Passenger 5.0.30
Server: nginx + Phusion Passenger 5.0.30
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'

** EDIT 2 meio problema resolvido ** O problema estava vindo do ELB da AWS. Eu tinha apenas um ouvinte em 443. Então, é claro que estava bloqueando os 80 ...

Agora, a única coisa que preciso resolver é por que o redirecionamento não está funcionando enquanto o HTTP e o HTTPS funcionam