When setting up https on an existing server, you need to provide a redirect for all those visitors arriving via http backlinks. Here is how to do this.
Attack vectors against TLS, implementation bugs, and how to mitigate TLS vulnerabilities in NGINX
In light of documented TLS vulnerabilities and implementation bugs, understanding known attack vectors becomes a necessity.
TLS 1.3 (with AEAD) and TLS 1.2 cipher suites demystified: how to pick your ciphers wisely
Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites. Pick the wrong settings and you declare an open season on your server.