File permissions with nginx and chrooted SFTP users
We are moving to a new box and I'm making an effort to do things right, or at least better.
CentOS 8.1
I have set up SFTP users. They are added to a group called sftp_users. They are chrooted to their username-specific directory in /var/www with their home directory in it. Example:
/var/www/domain.com/web
The following permissions were run:
chown -R root:sftp_users /var/www/domain.com
chown -R domain.com:sftp_users /var/www/domain.com/web
I installed nginx and set up a server block for domain.com:
root /var/www/domain.com/web;
nginx is running with the user 'nginx' according to ps -ef | grep nginx
I have created a simple index.html file at /var/www/domain.com/web/index.html. When I try to access it via the browser the nginx log says:
open() "/var/www/domain.com/web/index.html" failed (13: Permission denied)
index.html is 644
/var/www/domain.com/web is 755
What am I doing wrong? I think I have to do something with the nginx user but I am not sure I should change the owner on the directories because of chroot.
Thanks.
1 Reply
In this case the 403 forbidden was caused by SELinux.
https://stackoverflow.com/questions/22586166/why-does-nginx-return-a-403-even-though-all-permissions-are-set-properly#answer-26228135
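An added example, not part of the thread: a small script that separates the two causes discussed here by walking the path for mode bits that stop the nginx user, then reporting the SELinux type on the file. The function names are hypothetical. It assumes GNU stat, that nginx is neither owner nor group member of the files, and the targeted policy's usual web content labels.

```sh
#!/bin/sh
# Added example (not from the thread). Usage: sh check_path.sh FILE [START]
# Assumes GNU stat, and that nginx is neither owner nor group member of the
# files, so only the "other" permission bits apply to it.

# Print the first component below START that "other" cannot pass: x is
# needed on every directory, r on the final file. No output = modes are fine.
first_mode_block() {
    local cur="${2:-}" rest part mode other need
    rest=${1#"$cur"}; rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}; cur="$cur/$part"
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        mode=$(stat -c %a "$cur") || { echo "$cur"; return 0; }
        other=$(( 0$mode & 7 ))          # low octal digit = "other" bits
        if [ -d "$cur" ]; then need=1; else need=4; fi
        [ $(( other & need )) -ne 0 ] || { echo "$cur"; return 0; }
    done
}

# Third field of an SELinux context such as user:role:type:level.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Assumption: targeted policy, where nginx runs as httpd_t and these are the
# usual labels for content it serves (read-only and read-write).
is_web_content_type() {
    case $1 in httpd_sys_content_t|httpd_sys_rw_content_t) return 0 ;; esac
    return 1
}

if [ $# -gt 0 ]; then
    blk=$(first_mode_block "$@")
    if [ -n "$blk" ]; then echo "mode bits stop 'other' at: $blk"; fi
    if command -v getenforce >/dev/null 2>&1; then
        t=$(selinux_type "$(stat -c %C "$1")")
        echo "SELinux: $(getenforce), type on $1: $t"
        is_web_content_type "$t" ||
            echo "label is not web content; compare: restorecon -nv '$1'"
    fi
fi
```

If the mode walk prints nothing and SELinux is Enforcing with an unexpected type, `ausearch -m avc -c nginx` shows the matching denials in the audit log.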