
Hello, so I got this default file:

server {
    listen 80 default_server;
    listen 443 default_server;
    listen [::]:80 default_server;
    listen [::]:443 default_server;
    server_name _;
    return 444;
}

This catches everything. In the same folder (sites-enabled) I have my domain.com file:

server {
    listen 80;
    server_name my.domain.com;
    location /.well-known/acme-challenge {
        default_type "text/plain";
        root /storage/webserver/certbot;
    }
    #Forces all other requests to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl http2;
    server_name my.domain.com;
    ## SSL STUFF ##
    root /path/to/root;
    index index.html index.php;

    location / {
        try_files $uri $uri/ $uri.html;
    }


    ### Site config
}

If I leave the default disabled (removed) and go to my.domain.com I see my page. Now if I add the default file I get a 444 from Nginx (closed). Why?

EDIT: After some testing I found the issue to be the "listen 443 default_server;" part: it catches every HTTPS request. Why? I have a block with my domain and "listen 443"!

joveice

1 Answer


According to this answer, https://serverfault.com/a/841646/459947:

I had to add a certificate to the catch-all. After I did that with a self-signed certificate I get 444 on my IP (correct, as it doesn't have a block) and, on HTTPS to my IP, an SSL warning and then 444 after accepting it. So this works for me; I wish there was a better way to do it.

server {
    listen 80 default_server;
    # "ssl" is required here: without it the default server cannot complete
    # the TLS handshake, so every HTTPS connection is dropped before the
    # SNI lookup reaches the real server block.
    listen 443 ssl default_server;
    server_name _;
    # Any certificate will do (self-signed is fine); it is only used for
    # connections that match no other server_name.
    ssl_certificate <path to cert>;
    ssl_certificate_key <path to key>;
    return 444;
}

According to https://serverfault.com/a/593668/459947 you could do an if on the blocks to check whether the domain is correct. I mean, I guess it works, but I don't want to add that to each block. If you think this is a better idea, let me know.

joveice
  • Yes, the default virtualhost TLS block cannot work when there are no certificates defined, because having certificates is essential when negotiating a TLS connection. nginx could give an error in this case though. – Tero Kilkanen Mar 11 '18 at 22:59
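The underlying reason for both the question and the answer above is that the ssl parameter on a listen directive belongs to the listening socket, which every server block on that address:port shares. Once my.domain.com declares "listen 443 ssl", port 443 is a TLS socket for the default server too, and a default server with no certificate cannot finish the handshake, so every connection dies before nginx ever looks at the SNI name. The following is an added example, not configuration from the original post, showing two catch-all blocks that can stand on port 443: one that carries a throw-away self-signed certificate (works on any nginx with SNI support), and one that uses ssl_reject_handshake, which nginx added in 1.19.4 and which is the "better way" the answer wished for, since it needs no certificate at all. Only one of the two may be present in a running config (there can be only one default_server per address:port); the certificate paths and the openssl command in the comments are assumptions.

```nginx
# Option A: catch-all with a self-signed certificate (any nginx version).
# Assumed paths; the key pair can be generated with, for example:
#   openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj '/CN=catch-all' \
#       -keyout /etc/nginx/catch-all.key -out /etc/nginx/catch-all.crt
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # "ssl" is mandatory: the flag is per listening socket, and this block
    # is what answers any TLS handshake whose SNI matches no server_name.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate     /etc/nginx/catch-all.crt;   # assumed path
    ssl_certificate_key /etc/nginx/catch-all.key;   # assumed path

    # Close the connection without sending a response.
    return 444;
}

# Option B: catch-all without any certificate (nginx 1.19.4 or later).
# The handshake is refused for any name that has no matching server block,
# so a raw-IP or wrong-hostname client never gets past the TLS layer.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_reject_handshake on;

    # Still needed for the plain-HTTP listeners on port 80.
    return 444;
}

# The real site keeps its own certificate; SNI selects this block whenever
# the client sends my.domain.com, so it is never affected by the catch-all.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my.domain.com;
    ssl_certificate     /etc/letsencrypt/live/my.domain.com/fullchain.pem;   # assumed path
    ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;     # assumed path
    root /path/to/root;
    index index.html index.php;

    location / {
        try_files $uri $uri/ $uri.html;
    }
}
```

After "nginx -t" and a reload, the behaviour can be checked from another host with openssl s_client: "openssl s_client -connect <ip>:443 -servername my.domain.com" should present the real certificate, while the same command with "-servername bogus" (or with no SNI at all) should either show the self-signed catch-all certificate (Option A) or fail the handshake with an unrecognized_name alert (Option B). Note that with Option B a browser hitting the bare IP sees a TLS error rather than a certificate warning, which is usually the more desirable failure mode for a server that exists only to refuse traffic.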