A quick glance at the Nginx config says that it doesn't reflect the level of consideration in the OP's linked PDF.
This is why I'd like the SSLLabs + Mozilla + other parties to work together to produce a single set of configs that reflect the combined best practise. To ensure that this is a complete thing.
I don't know how good it is because I have not looked.