I’ve set up a couple of servers recently to host Munki and generally prefer to use nginx now that macOS doesn’t ship with a built-in web server.
Allowing nginx to host files from anywhere on Macintosh HD is a bit tricky however due to SIP.
I generally will never have a Mac running long-term with SIP disabled however as it’s a pretty serious security risk.
I initially tried granting Full Disk Access to the nginx binary to allow it to work with SIP, however from memory this didn’t completely work. I instead had to grant access to the daemondo binary instead, which is the binary that launches nginx.
To do this, open /opt/local/bin in the Finder, open System Settings > Privacy & Security and drag the daemondo binary into the list on the right.