Nginx loading non existent subdomains to first sites-enabled config file alphabetically

Question

I'm having exactly this issue described here https://stackoverflow.com/a/18417914/3108268 and I don't understand how to solve it.

I tried putting this block in my nginx.conf inside http block or inside default.conf and loading it back up, but it won't prevent the non-existent subdomains loading to the first domain picked from within sites-enabled dir in alphabetical order.

server {
    listen  *:80 default_server;
    root /www/project/public/;
}

What I'm missing?

nginx.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    client_max_body_size 100m;

    gzip on;
    gzip_vary on;
    gzip_disable "MSIE [1-6].(?!.*SV1)";    
    gzip_proxied any; #needed for cdn
    gzip_comp_level 5;
    gzip_buffers 4 32k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml application/json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml font/opentype image/svg+xml image/x-icon text/x-component; #text/html
    #expires 1w;

    #SSL Let's Encrypt certificates
    #ssl on;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s ipv6=off;
    resolver_timeout 30s;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security max-age=15768000;

    # Default server
    #server {
    #  listen 80 default_server;
    #  listen 443 ssl default_server;
       #some invalid name that won't match anything
    #  server_name _;
    #  return 404;
    #   listen 80 default_server;
    #   listen [::]:80 default_server;
    #  listen 443 ssl default_server;
    #  return 404;
    #}

    #include /etc/nginx/conf.d/default.conf;
    include /etc/nginx/sites-enabled/*;
}

example.com.conf

server {
  listen 443 ssl;
  root /var/www/example.com/htdocs/;
  index index.html index.htm;

  location / {
    autoindex on;
    try_files $uri $uri/ =404;    
  }

  location ~ \.php$ {
    fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
    # Security note: If you're running a version of PHP older than the
    # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
    # See http://serverfault.com/q/627903/94922 for details.
    include fastcgi_params;
    # Block httpoxy attacks. See https://httpoxy.org/.
    fastcgi_param HTTP_PROXY "";
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_intercept_errors on;
    # PHP 5 socket location.
    #fastcgi_pass unix:/var/run/php5-fpm.sock;
    # PHP 7 socket location.
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }

  location ~* /img/.*\.gif$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public";
  }
}

server {
  listen 80;
  listen 443 ssl;
  server_name example.com;
  return 301 https://www.example.com$request_uri;
}