How can I stop someone from displaying my website on his domain?

The answer depends on the web-server you are using. For example, apache allows for the creation of multiple virtual hosts, of which the first described is considered the default one.

What I suggest to do, is to create this default "catch-all" virtual-host with a global deny rule on it. Then configure your own web-site with a virtual-host identified with your domain name.

Therefore, any request coming in with a domain not matching your shall be denied access (404 I suppose).

An other thing you could do is get the "whois" information on said domain, ISP usually list in the records an email address to report abuse. Collect some information from your logs and ask the provider to terminate this.

Typically, if you add SSL and enforce it then he's got two choices - act as a HTTP proxy that strips the encryption (potentially mirror the site instead; waste of resources on his side either way) or let the user see a big fat warning message about a certificate error.

This should be sufficient for most circumstances to prevent domains not under your control from pointing to your web servers.