Can anybody detect file in directory www (nginx)?

There are different tools that can scan your website using a list (or lists) of popular files/folders. If you want to keep these files private but still accessible to someone, you can:

1. Name them unusually (you can simply use a hash of the file as the filename, that would take years to guess the name)
2. Restrict access to files/folders using HTTP authentication.
3. Place them outside of your root folder (e.g. in /var/www/private/) and write a simple page that will read the file (you can still add auth and everything, e.g. IP whitelisting) in your favorite language (Ruby, PHP, NodeJS, Python, Go, etc.)

I'd go with the second one. See the nginx documentation to learn how to configure it.

Is very unsecured to left data only behind index.html. A lot of tools is designed to search this files. Named for this tools are URL fuzzer. You have online version here.

The URL Fuzzer uses a custom built wordlist for discovering hidden files and directories. The wordlist contains more than 1000 common names of known files and directories. For each WORD in the wordlist, it will make an HTTP request to: Base_URL/WORD/ or to Base_URL/WORD.EXT in case you chose to fuzz a certain EXTension.

Edit 1

Meybe "behind" is not best expression. You can create additional folder in DokumentRoot folder on you site and protect them with .htaccess. Configuration of .htaccess you can find here. You will get folder with username/passwork protection.