I recently heard of HSTS which is a way to force users to come back to your website in SSL if they’ve already be to HTTPS once. It is simple, just add this line:
# HSTS (force users to come in SSL if they've already been once)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
If you want to have an overview of a complete configuration with it, look at the my wiki.