Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Yes, the F5 may be intercepting and rewriting the redirect to be HTTPS.

Find the HTTP Profile that is associated with your Virtual Server. What is "Rewrite Redirects" set to? Since you're the developer of the app, you probably want None. (Remember to make a new HTTP profile for your app rather than edit the default one.)

This option is designed to handle redirects from applications that aren't really SSL Offload aware.

There's a good article about this option on DevCentral.

On a related note, why are you redirecting back to HTTP? If your BIG-IP is hardware (not Virtual Edition) then it probably handles 500-2000 SSL TPS depending on licensed modules. What is your traffic load? I'm guessing you're unlikely to be establishing over 500 new SSL connections per second. It could be easier and more secure to keep everything on HTTPS.