server-configs-nginx/conf.d/no-ssl.default.conf

# ----------------------------------------------------------------------
# | Default behavior for unknown hosts                                 |
# ----------------------------------------------------------------------
#
# Drop requests for unknown hosts
#
# If no default server is defined, Nginx will use the first found server.
# To prevent host header attacks, or other potential problems when an unknown
# servername is used in a request, it's recommended to drop the request
# returning 444 "no response".
#
# (1) In production, only secure hosts should be used (all `no-ssl` disabled).
#     If so, redirect first ANY request to a secure connexion before handling it
#     even if the host is unknown.
#
#     https://observatory.mozilla.org/faq/

server {
  listen [::]:80 default_server deferred;
  listen 80 default_server deferred;

  server_name _;

  # (1)
  # return 301 https://$host$request_uri;
  return 444;
}