http {
server {
location ~ /\.git {
deny all;
}
}
}
This location directive will deny access to any .git directory in any subdirectory.
Note: This location block must be before your main location block, so that it can be evaluated first.