We used something just like that to map users' home directories, but it doesn't solve the problem of not being able to set a unique root directory for each user case. Nginx accepts just one root dir setting, and it can't be conditionally set (or overwritten in a later if-else scenario) by putting it inside a location clause. One solution is to globally set /home as the definite root for all user location cases, but this does not sit alright with me - the document root should just not sit outside the target's home.

This example uses the alias directive, which can be set inside location clauses unlike the root directive. The distinction between root and alias isn't the most user friendly, but I think this setup is effectively the same as separate roots per user. Unless otherwise configured, users will not be able to access anything directly in /home, only in the user subdirectories.

That being said, I have no problems with Apache, especially if it's already in place and working.

Alias does not change the root dir, according to Nginx documentation. This was what made us believe that through eventual exploit, it could be possible to reach the active root dir through a completely different path as set per alias. In addition to that, having an erroneous document root communicated to CGI components such as PHP or mod_perl can lead to problems. We're still following Nginx development, in case things evolve.