I have my main nginx site configurations in /etc/nginx/sites-available. These are all owned by root. Then I let w3tc store its settings wherever it wants to; in this case it likes to store them in /var/www/sitename.com/nginx.conf. Then I add the following within the server brackets of my nginx site config (/etc/nginx/sites-available/sitename.com):
location ~ /nginx.conf {
    deny all;
}
This blocks people from reading w3tc’s nginx.conf. The rest of my configuration is set up according to https://codex.www.ads-software.com/Nginx.
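An added example (not part of the original post): a simplified Python model of nginx location selection, run over constructed site configs, to check that a request for /nginx.conf actually lands in the deny block and to show how an earlier regex location can shadow it. The sample configs, the function names and the reduced matching rules (flat location bodies, Python `re` standing in for PCRE) are assumptions.

```python
import re

# "location [modifier] pattern { body }"; bodies are assumed flat (no nested braces).
LOCATION_RE = re.compile(r"location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{([^{}]*)\}")

def select_location(conf, uri):
    """Simplified nginx location choice: exact, longest prefix, then first regex in file order."""
    locs = [(m.group(1) or "", m.group(2), m.group(3)) for m in LOCATION_RE.finditer(conf)]
    best = None
    for mod, pat, body in locs:
        if mod == "=" and uri == pat:
            return mod, pat, body
        if mod in ("", "^~") and uri.startswith(pat) and (best is None or len(pat) > len(best[1])):
            best = (mod, pat, body)
    if best and best[0] == "^~":          # a ^~ prefix match skips the regex pass
        return best
    for mod, pat, body in locs:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return mod, pat, body         # first matching regex wins
    return best

def is_denied(conf, uri):
    """True when the location chosen for uri contains 'deny all;'."""
    loc = select_location(conf, uri)
    return bool(loc and re.search(r"\bdeny\s+all\s*;", loc[2]))

# Constructed sample configs (not taken from a real site).
WITH_RULE = r"""
server {
    root /var/www/sitename.com;
    location / { try_files $uri $uri/ /index.php?$args; }
    location ~ /nginx.conf { deny all; }
}
"""
WITHOUT_RULE = WITH_RULE.replace("location ~ /nginx.conf { deny all; }", "")
# An earlier regex location that also matches the URI shadows the deny rule.
SHADOWED = WITH_RULE.replace(
    "location ~ /nginx.conf",
    "location ~* \\.(css|js|conf)$ { expires 30d; }\n    location ~ /nginx.conf")

if __name__ == "__main__":
    uris = ("/nginx.conf", "/wp-content/nginx.conf", "/index.php")
    for name, conf in [("with rule", WITH_RULE), ("without rule", WITHOUT_RULE), ("shadowed", SHADOWED)]:
        print(name, {u: is_denied(conf, u) for u in uris})
```

Because the pattern is unanchored, the rule also covers nginx.conf in subdirectories; the shadowed case is why the deny block belongs ahead of any other regex location that could match the same URI.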