Nginx's server_name directive indicates the domain name it's listening on. But if none of the server blocks match the incoming request, it will still fall back to the last HTTP/HTTPS server block. So direct access by IP address will probably be caught by some route instead of being dropped, which is often not ideal.
More than 75% of all websites use HTTPS nowadays. Serving content over HTTPS is not only good practice for search engine optimization (SEO), but essential for security reasons, especially for those requests containing sensitive information.