The most obvious thing I can think of is file and directory permissions. Unless [b]absolutely necessary[/b], the user and group assigned to nginx should never have write permissions to anything. That reduces the risk of someone possibly discovering a bug or whole somewhere that lets them upload some script that messes up your server.
As strange a suggestion as it may be for us UNIX fans, I'd also suggest running an antivirus daemon (such as ClamAV's clamscan daemon to scan files being accessed, and freshclam daemon for auto update) for "just in case" someone does manage to upload something.
nmap can be a great tool to test your firewall. Run every check nmap has on your home computer (with home firewall disabled during the nmap scan only, to prevent interference) to make sure you've truly blocked what you don't need open.
Keep everything up-to-date, especially if a security update came out.
The only other suggestion I have is to review the configuration for nginx, php (if needed), database software (if needed), and anything else accessible to the outside, just to make sure it is configured correctly. Also, if you have the time and patience, review the code (HTML, PHP, etc.) for your web site.
--
Piki