Stop "Passing Uncontrolled Requests to PHP"
Many example NGINX configurations for PHP on the web advocate passing every URI ending in .php to the PHP interpreter. Note that this presents a serious security issue on most PHP setups as it may allow arbitrary code execution by third parties.
The fix is (probably) to use
try_files $uri =404; as mentioned in the link.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information