From 4602b8aa1ccc761af2b0843d6df9732ce9870f19 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Sun, 9 Mar 2025 19:55:25 +0100
Subject: fix(tente): close the connection for unknown Host headers

---
 nixos/hosts/tente/default.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 5d1bce9..c2b6491 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -100,6 +100,19 @@ in
     nginx = {
       enable = true;
       group = "www-data";
+
+      appendHttpConfig = ''
+        # Close the connection for unknown Host headers.
+        # If we don't do this nginx serves some random virtualhost.
+        server {
+          listen 80 default_server;
+          listen [::]:80 default_server;
+          listen 443 ssl default_server;
+          listen [::]:443 ssl default_server;
+          ssl_reject_handshake on;
+          return 444;
+        }
+      '';
     };
   };
 
-- 
cgit v1.2.3