These are some quick n' dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Instructions:
Check that your VPN supports port forwarding and you have it enabled.
Grab your VPN's internal IP with ip a
Find the interface for your VPN. For me it's called tun0.
Open up /etc/nginx/nginx.conf
You can back it up, or comment everything out, or pick what's necessary. Here's what my file looks like.
worker_processes 1;
include modules.d/*.conf;
events {
worker_connections 1024;
}
http {
server {
listen [VPN INTERNAL IP]:[VPN FORWARDED PORT];
server_name localhost;
location / {
root '[ABSOLUTE PATH TO YOUR WEBSITE ROOT FOLDER]';
index index.html; # Relative to your website root.
}
}
}
Make sure your permissions are correct. For me, the 'other' group needs read permissions to the root folder, including where it's mounted.
Start nginx with systemctl start nginx
You can visit your website on your host machine in a browser at [VPN INTERNAL IP]:[VPN FORWADED PORT]. For me, using the internal IP is required to view the website on my host machine.
To view the website on other machines, you can use [VPN EXTERNAL IP]:[VPN FORWARDED PORT]. The only thing you need to change is the IP address.
I hope this works for you and you are inspired to selfhost and take back power from those who stole it from us.
You you setup a proper domain and https for your website instead of having a random IP address and port. Don't visit http pages in 2025. It is a major security risk.
Edit: If you need help setting up https let me know. You will need a domain but they are fairly inexpensive. If it is a matter of technical knowledge let me know as I can help.
Thanks.
It's my understanding that https provides encryption for the data sent between you and the server. If you're not sending any sensitive data, then the encryption shouldn't be necessary.
Don't get me wrong, encryption is great even when it isn't necessary. For my demonstration purposes though, I chose not to include it.
I also believe it's possible to set up HTTPS encryption without a domain name, but it might result in that "we can't verify the authenticity of this website" warning in web browsers due to using a self-signed certificate.
Let's Encrypt are rolling out IP-based certs, you may wanna follow its development. I'm not sure if it could be used for your forwarded VPN port, but it'd be nice anyhow
Edit: I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware
Thanks. This is new to me and I'm going to be looking into it.
As I use docker for most of my deploys (as you should for websites exposed to the Internet anyway), I can wholeheartedly recommend traefik for this. Basically it has the functionality of nginx, but supports easy Let's Encrypt certificates.