I've removed the lines from this page instructing users to set the php configuration parameter cgi.fix-pathinfo=0

This line is included in a lot of on-line how-to guides for Nginx/PHP and is explained as a security restriction, see, here and here

In summary, within the context of Nginx and php-fpm the best(?) way to handle potential PATH_INFO vulnerabilities as described in those articles is to use the default behaviour of php-fpm, i.e. within,

/etc/php5/fpm/pool.d/www.conf (debianised)

security.limit_extensions = .php

Either way will work just fine, but this is one step less with no real down sides...

Links:
https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/
http://serverfault.com/questions/627903/is-the-php-option-cgi-fix-pathinfo-really-dangerous-with-nginx-php-fpm

I want to propose to add the information how to get Nginx working in MAMP to be able to develop with the same server potentially used on a live site. I needed to research a long time to find this information.

For MAMP add the following two Lines on the Nginx settings page for »Additional parameters ...«

rewrite ^/(.*)/(.*\.php)(/)(.*)$ /$1/$2?file=/$4 last; rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;

Support installations in a subpath (subdirectory)

The directives and the examples assume that Moodle is installed at the top directory: - it is available at https://www.example.com - and not at https://www.example.com/lms2023

In the latter case the nginx rules will fail to match.

Error document section removed (prematurely?)

Noticed that the following part on the configuration for 403 and 404 errors was removed from the 4.5 page. As far as I know, r.php isn't yet ready to handle those errors, shouldn't we possibly keep the following configuration and have the r.php configuration made part of the docs for 5.0?

Error pages

1. This passes 404 pages to Moodle so they can be themed

error_page 404 /error/index.php; error_page 403 =404 /error/index.php;