I do phpBB consulting. I am noticing more issues with phpBB and nginx and phpBB and mod_security.
With nginx on shared hosting I am noticing quirks. For example, just the other day I had a client who failed to upgrade to phpBB 3.2 because a "No input file found" error message during the update. The host this time was GoDaddy and the web server I believe is nginx. It's hard to tell because the web server reports "CGI/FastCGI". When I spoke with GoDaddy support they said it was Apache, but I don't believe them. In any event after extensive trial and error I found the only way I could upgrade the forum was to convert the database on my machine (running Apache under XAMPP) then upload the database.
I've had similar quirks like this where the web server shows "CGI/FastCGI" that I believe is running nginx, specifically issues that only went away when mod_security was disabled. In one recent case an attempt to login into the ACP redirected everything to the site's main page. The host in this case was Dreamhost and I could not fix it until I figured out how to disable mod_security via their strange control panel.
I think the two issues are interrelated. For nginx, I think hosts are configuring nginx in some way that causes phpBB to behave incorrectly. My understanding is there is a nginx.conf file somewhere that controls nginx. I have read that unlike Apache you can't change the .htaccess file to change certain web server configurations. I don't believe there is a way to create your own file to override nginx settings.
I also suspect that mod_security has a set of rules for how it is configured and either the defaults or the way web hosts area configuring it is causing a lot of these problems.
So I'm wondering if some sort of research project is needed to provide guidance to web hosts on configuring nginx and mod_security for phpBB. Most hosts seem to be centered around the Wordpress framework and optimizing for that. Since I am seeing a steady increase in these issues I think some attention is warranted. I'm hoping there is someone in the community with nginx and/or mod_security expertise that can post some recommendations.
In particular if there are ways to override these settings for a forum I'd like to learn more. For Apache I've been successful disabling mod_security in the .htaccess file.
I suspect that most phpBB forums are on shared hosting so some best practices are needed.