Configure http server to only listen on known vhosts/IP

For the rest it returns 404

Fixes #446

setup/start/nginx/nginx.conf

@@ -36,28 +36,15 @@ http {
     # zones for rate limiting
     limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
 
-    # HTTP server
+
+    # default http server that returns 404 for any domain we are not listening on
     server {
-        listen      80;
-        listen      [::]:80;
-
-        # collectd
-        location /nginx_status {
-            stub_status on;
-            access_log off;
-            allow 127.0.0.1;
-            deny all;
-        }
-
-        # acme challenges
-        location /.well-known/acme-challenge/ {
-            default_type text/plain;
-            alias /home/yellowtent/platformdata/acme/;
-        }
+        listen      80 default_server;
+        listen      [::]:80 default_server;
+        server_name does_not_match_anything;
 
         location / {
-            # redirect everything to HTTPS
-            return 301 https://$host$request_uri;
+            return 404;
         }
     }