Run web-server behind AirVPN with NGINX + domain - HOW?!

[YeloHowArEYoU 1]

Hey!

I have managed to set up VPN on my VPS so I know can connect via SSH to vpn ip + port.
My domain is also pointed to the IP by an A-record and resolves fine when ping domain.com.

But I just dont understand how to configure the nginx config correctly so domain.com corresponds with the VPN IP.

Ive tried putting the open port here and there in my nginx config but the closest I've come is
http://VPNIP:port which works
[does not load https though!]

So I am now after hours of trying kindly asking a brainiac from here to help me.


##################################

server {
    server_name domain.com;
    root /var/www/website/public;

    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name domain.com;
    return 404; # managed by Certbot


}


##################################

I've reverted to the original config that worked before I enabled VPN on the server. With the above domain.com loads fine and sends to https://.

VALUES FOR DEMONSTRATION
Domain: domain.com
PrivateIP: 0.0.0
VPN IP: 1.1.1
Non-VPN-Server IP: 5.5.5
Open ports: 11, 22, 33, 44, 55
VALUES FOR DEMONSTRATION

Is there aaanyone that perhaps already have done it and have a ready copy paste config?

10000 Thanks!!!!!!!!!!!!!!!!!

Edit: I've seen this

 but I can't or well I DONT KNOW HOW to apply this in my case....

TL;DR
I want to be able to visit domain.com which is hosted on a webserver, thats behind an AirVPN (without doing https//domain.com:port).

Edited ... by YeloHowArEYoU

[OpenSourcerer 1435]

4 hours ago, YeloHowArEYoU said:

But I just dont understand how to configure the nginx config correctly so domain.com corresponds with the VPN IP.

Actually, this is not necessary at all unless you don't want that server to be reachable on the physical interface.
 

4 hours ago, YeloHowArEYoU said:

I want to be able to visit domain.com which is hosted on a webserver, thats behind an AirVPN (without doing https//domain.com:port).

Well, you will need to specify the port at all times. If you don't want that, you absolutely need a reachable port 80/443 on some machine reverse-proxying requests to the domain.com machine.

[YeloHowArEYoU 1]

Sounds like advanced stuff so I guess I give up. Very hard to find ANY tutorials about this too! Thanks for your input

[OpenSourcerer 1435]

23 hours ago, YeloHowArEYoU said:

Sounds like advanced stuff so I guess I give up. Very hard to find ANY tutorials about this too! Thanks for your input

Reverse-proxying is quite easy. The more difficult part comes from the fact that you can't forward port 80/443 with AirVPN, so regular webhosting behind a VPN server is impossible.
It becomes possible if you point domain.com at a machine with a webserver listening on the regular HTTP ports, and which proxies requests to the machine behind AirVPN. The DDNS feature comes in handy here – this way there's no need to keep track of any IPs, the DDNS name always points at the hosting machine behind AirVPN. But then you have to wonder – why even host something behind AirVPN if you can host on whatever machine listens on the HTTP ports?

By the way, on-topic but diverges a little: If nginx syntax is too much for you, I recommend Caddy. The syntax is much easier to grasp and consists of { } config blocks for the domains/IPs you want to host. Best part: HTTPS is enabled and issued with Let's Encrypt by default. A simple Caddyfile for hosting files is literally 2-3 lines.

[YeloHowArEYoU 1]

5 hours ago, OpenSourcerer said:

Reverse-proxying is quite easy. The more difficult part comes from the fact that you can't forward port 80/443 with AirVPN, so regular webhosting behind a VPN server is impossible.
It becomes possible if you point domain.com at a machine with a webserver listening on the regular HTTP ports, and which proxies requests to the machine behind AirVPN. The DDNS feature comes in handy here – this way there's no need to keep track of any IPs, the DDNS name always points at the hosting machine behind AirVPN. But then you have to wonder – why even host something behind AirVPN if you can host on whatever machine listens on the HTTP ports?

By the way, on-topic but diverges a little: If nginx syntax is too much for you, I recommend Caddy. The syntax is much easier to grasp and consists of { } config blocks for the domains/IPs you want to host. Best part: HTTPS is enabled and issued with Let's Encrypt by default. A simple Caddyfile for hosting files is literally 2-3 lines.

Thanks a lot for such informative input OpenSourcerer. Appreciate it!