The in phpBB 3.3.15 at docs/nginx.sample.conf shipped nginx config files could receive some minor improvements / updates:

Suggestion 1

There is a comment:

# phpBB uses index.htm

but phpBB is actually using index.php or am i'm wrong?

Suggestion 2

Then:

location ~ /(config|

could be:

location ~ ^/(config|

to make the pattern more strict.

Suggestion 3

Furthermore the same block got changed in the scope of PHPBB-16890 from:

location ~ /(config\.php|

to:

location ~ /(config|

but wouldn't it make sense to use the following instead (only deny access to config.php and config folder) to not "overblock" too much:

location ~ /(config(\.php|/)|

Suggestion 4

Finally the two

location @rewriteapp {

...

location @rewrite_installapp {

are using:

^(.*)$

(zero or more times match) which could use:

^(.+)$

(one or more times match) as otherwise an empty string could be evaluated as well.