This is a great approach. I currently pass the tenant ID from the subscription on the client, but will have to take a look at this approach of just grabbing it on the server instead.
I have two tenant-related items stored on the user object:
currentOrg is a string representing the organization that the user is currently logged into. This is used as a variable for all publications.
tenants is an array (actually, really should be an object) of all the organizations a user has access to.
Then I use the Roles package to manage permissions within each tenant by matching the Roles group to the tenant ID.
When I create a new user, I first check if the email address already exists, and if so just append the
tenants credentials to their user profile and send a separate welcome email.
I know there's ways to make it better, but that seems to be working for now. Like you, I'd like to better understand how to setup Nginx to use subdomains.
Hope that helps!