From 40cadff2f9c97b42530aa2754ddfc21e97ad5aa2 Mon Sep 17 00:00:00 2001
From: Steven Eardley <steve@eardley.xyz>
Date: Fri, 20 Dec 2024 12:48:23 +0000
Subject: [PATCH] drop unknown hosts in nginx config

---
 deploy/nginx/production/doaj | 17 +++++++++++++++++
 deploy/nginx/test/doaj       | 17 +++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/deploy/nginx/production/doaj b/deploy/nginx/production/doaj
index 56375fb19..6f3e84970 100644
--- a/deploy/nginx/production/doaj
+++ b/deploy/nginx/production/doaj
@@ -305,3 +305,20 @@ server {
     ssl_certificate /etc/letsencrypt/live/doajes.cottagelabs.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/doajes.cottagelabs.com/privkey.pem;
 }
+
+# Catch and throw away any requests to an unknown host
+server {
+  listen 80 default_server;
+  return 444;
+}
+
+server {
+  listen [::]:443 ssl http2 default_server;
+  listen 443 ssl http2 default_server;
+  server_name _;
+
+  ssl_certificate /etc/letsencrypt/live/doaj.org/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/doaj.org/privkey.pem;
+
+  return 444;
+}
\ No newline at end of file
diff --git a/deploy/nginx/test/doaj b/deploy/nginx/test/doaj
index 0f618c758..8f045ac08 100644
--- a/deploy/nginx/test/doaj
+++ b/deploy/nginx/test/doaj
@@ -120,3 +120,20 @@ server {
         proxy_pass http://doaj_index;
     }
 }
+
+# Catch and throw away any requests to an unknown host
+server {
+  listen 80 default_server;
+  return 444;
+}
+
+server {
+  listen [::]:443 ssl http2 default_server;
+  listen 443 ssl http2 default_server;
+  server_name _;
+
+  ssl_certificate /etc/letsencrypt/live/testdoaj.cottagelabs.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/testdoaj.cottagelabs.com/privkey.pem;
+
+  return 444;
+}
\ No newline at end of file