server {
    listen 80 default_server backlog=2048 reuseport fastopen=256;
    listen [::]:80 default_server backlog=2048 reuseport fastopen=256;

    # redirect all http traffic to https
    #return 301 https://$host$request_uri;

    # Reject everything on your default IP
    location / { return 444; }
}

server {
    listen 443 ssl reuseport fastopen=256 backlog=2048;
    listen [::]:443 ssl reuseport fastopen=256 backlog=2048;

    # Reject everything on your default IP
    location / { return 444; }

    ssl_reject_handshake on;
}
