after we were able to "hack" a few new big Magento2 shops running on nginx, we immediately told them about the problem,and something they were able to fix, but unfortunately not all.
we came to the conclusion that users do not fully understand how the nginx server is configured and how it works.not everyone have access to the System Administrator.
'cause with Apache basically a bunch of .htaccess files that simply regulate the application work.and you dont have to think about it.
in this case with nginx it is not so easy to just run the application out of the box,every configuration, every rule must be rewritten.
the main problem is incorrectly set the root location, then wrong regex in locations, plus lack of deny rules,mistakes like these give you access to almost everything.
we decided to offer the community a ready configuration, assembled and testedthis configuration was created according to Magento2 folders structure and existing .htaccess files.
we know - those who understand, will be able to write your own configuration,but those people who blindly copy - they always make very serious errors that lead to problems.
We will be ready to improve the configuration on your request.