@timkpaine
Last active July 26, 2023 00:46
NGINX make site available only on VPN, with OpenVPN and Certbot

You want a server block in nginx like this:

server {
  server_name  <your fqdn>;
  root         /usr/share/nginx/html;

  # allow certbot
  location /.well-known {
      autoindex on;
      root /opt/www-pub/;
  }

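  # everything else: only the VPN subnet may connect
  # (access rules are checked in order; the first match wins)
  location / {
      allow <vpn IP>/24;
      deny all;
      ...
  }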
}
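
The access decisions this server block produces, modelled in Python as an added example (not part of the original gist): nginx picks the longest matching prefix location, then applies `allow`/`deny` in order with the first match winning. The hostname `private.example.com`, the `10.8.0.0/24` VPN subnet, the client addresses and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the gist's server block. The hostname and the
# 10.8.0.0/24 VPN subnet are assumptions, not values from the gist.
SAMPLE_CONF = """
server {
  server_name  private.example.com;
  location /.well-known {
      autoindex on;
      root /opt/www-pub/;
  }
  location / {
      allow 10.8.0.0/24;
      deny all;
  }
}
"""

def parse_locations(conf):
    """Map each prefix location to its ordered list of (action, target) rules."""
    locations = {}
    for prefix, body in re.findall(r"location\s+(\S+)\s*\{([^}]*)\}", conf):
        locations[prefix] = re.findall(r"^\s*(allow|deny)\s+(\S+?);", body, re.M)
    return locations

def decide(locations, uri, client_ip):
    """Simplified model: longest matching prefix location, then first matching rule wins."""
    matches = [p for p in locations if uri.startswith(p)]
    if not matches:
        return "allow"
    addr = ipaddress.ip_address(client_ip)
    for action, target in locations[max(matches, key=len)]:
        if target == "all" or addr in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"  # no access rule matched, so the request is not restricted

if __name__ == "__main__":
    locs = parse_locations(SAMPLE_CONF)
    # 203.0.113.7 is a constructed off-VPN client address (documentation range).
    for uri, ip in [("/", "10.8.0.6"), ("/", "203.0.113.7"),
                    ("/.well-known/acme-challenge/token", "203.0.113.7")]:
        print(f"{ip:>12} {uri:<36} -> {decide(locs, uri, ip)}")
```

Only requests whose source address falls inside the VPN subnet pass `location /`; everything else hits `deny all`, while `/.well-known` stays reachable for certbot.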

Make sure /etc/hosts has a block like:

<vpn IP> <your fqdn>

Make sure /etc/openvpn/server/server.conf has a block like:

push "redirect-gateway def1"

And disable IPv6 in the same file:

# server-ipv6 ...

Note that you may need to flush DNS.

With this setup, you can have a certbot/SSL-protected "private" site that is only accessible to clients of your OpenVPN VPN.
