Access to web interface through IP vs. DNS name

Playing with our Jitsi setup I figured that I can access the web interface using the public IP as well as the DNS name but the difference seems to be that our secure domain setup only works if one uses the web interface via DNS domain name but does not restrict channel creation when opened via IP address.

Adding the following config block to /etc/nginx/sites-enabled/meet.company.com.conf would help with forcing people to use the DNS domain name:

server {
    listen 4444 ssl default_server;
    listen [::]:4444 ssl default_server;
    server_name _;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

    return 301 https://meet.company.com$request_uri;
}

Would that have any negative consequences for our setup?

I found this topic which might be kind of related: How to make Jitsi video call go through our DNS name and not through a specific IP address

This link also wil be catched by the same config and redirected again if there is not a second server block for meet.company.com

Thanks for you comment! Sure there needs to be another server block in that same config - that’s generated by Jitsi on install anyway. I just add the mentioned server block to that.

I am wondering if this is worth to be considered as an addition to how jitsi generates the config file because I would assume not many people want their server to be accessed via public IP address?!