From 8f051ad319065323b985550b9d974d3a866b4df6 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Fri, 17 Jul 2020 16:22:00 +0200
Subject: [PATCH] services: letsencrypt: 404 on unknown subdomains

---
 letsencrypt/nginx/site-confs/default | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/letsencrypt/nginx/site-confs/default b/letsencrypt/nginx/site-confs/default
index 7f76447..a444878 100644
--- a/letsencrypt/nginx/site-confs/default
+++ b/letsencrypt/nginx/site-confs/default
@@ -8,11 +8,24 @@ server {
     return 301 https://$host$request_uri;
 }
 
-# main server block
+# Default to showing 404 on unknown subdomain or missing host header
 server {
     listen 443 ssl http2 default_server;
     listen [::]:443 ssl http2 default_server;
 
+    server_name _;
+
+    # all ssl related config moved to ssl.conf
+    include /config/nginx/ssl.conf;
+
+    return 404;
+}
+
+# main server block
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
     root /config/www/hugo;
     index index.html;