If NGinx sets HSTS headers as well, then you can turn the setting off in Mahara:
Log in and go to Admin -> Configure site -> Site options -> Security settings and set "HSTS override" to "Yes"
To verify things are working you should see in the headers strict-transport-security: max-age=15768000
and not strict-transport-security: max-age=63072000 strict-transport-security: max-age=15768000
If NGinx sets HSTS headers as well, then you can turn the setting off in Mahara:
Log in and go to Admin -> Configure site -> Site options -> Security settings and set "HSTS override" to "Yes"
To verify things are working you should see in the headers transport- security: max-age=15768000
strict-
and not transport- security: max-age=63072000 transport- security: max-age=15768000
strict-
strict-