reorganize nginx config

override/etc/nginx/nginx.d/default.conf

@@ -1,47 +1,20 @@
+#SSL:server {
+#SSL:	listen 80 default_server;
+#SSL:	server_name _;
+#SSL:	return 301 https://$server_name$request_uri;
+#SSL:}
+
 server {
-	listen 80 default_server;
-	#SSL:listen 443 http2 ssl;
-	#SSL:ssl_certificate /mnt/config/ssl/live/REPLACE_WITH_DOMAIN_NAME/fullchain.pem;
-	#SSL:ssl_certificate_key /mnt/config/ssl/live/REPLACE_WITH_DOMAIN_NAME/privkey.pem;
-	#SSL:ssl_trusted_certificate /mnt/config/ssl/live/REPLACE_WITH_DOMAIN_NAME/chain.pem;
-
 	server_name _;
+	include /mnt/config/etc/nginx.d/_server_local.inc;
 	root /mnt/media;
 
-	autoindex off;
-	expires $expires;
-	set_real_ip_from REPLACE_WITH_TRUSTED_PROXY_SUBNET;
-	real_ip_header X-Real-IP;
-	real_ip_recursive on;
-
-	location ~ /\. {
-		deny all;
-	}
-	
-	# ======== #
-	# Security #
-	# ======== #
-
 	location ~ /_h5ai/($|CHANGELOG.md$|README.md$|private/) { deny all; }
 
-	# ======================================== #
-	# YOU CAN DELETE THIS IF YOU DON'T NEED IT #
-	# ======================================== #
+	#location ~ /local/ {
+	#	allow 192.168.0.0/16;
+	#	deny all;
+	#}
 
-	location ~ /local/ {
-		allow 192.168.0.0/16;
-		deny all;
-	}
-
-	# ======= #
-	# PHP-FPM #
-	# ======= #
-
-	location ~ \.php$ {
-		try_files $uri =404;
-		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
-		fastcgi_index index.php;
-		include /etc/nginx/fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
-	}
+	include /mnt/config/etc/nginx.d/_server_php.inc;
 }