These are some quick n’ dirty instructions so people can get up and running fast.
I wish I had known this was possible sooner.
Instructions:
Check that your VPN supports port forwarding and you have it enabled.
Grab your VPN’s internal IP with ip a
Find the interface for your VPN. For me it’s called tun0.
Open up /etc/nginx/nginx.conf
You can back it up, or comment everything out, or pick what’s necessary. Here’s what my file looks like.
worker_processes 1;
include modules.d/*.conf;
events {
worker_connections 1024;
}
http {
server {
listen [VPN INTERNAL IP]:[VPN FORWARDED PORT];
server_name localhost;
location / {
root '[ABSOLUTE PATH TO YOUR WEBSITE ROOT FOLDER]';
index index.html; # Relative to your website root.
}
}
}
Make sure your permissions are correct. For me, the ‘other’ group needs read permissions to the root folder, including where it’s mounted.
Start nginx with systemctl start nginx
You can visit your website on your host machine in a browser at [VPN INTERNAL IP]:[VPN FORWADED PORT]. For me, using the internal IP is required to view the website on my host machine.
To view the website on other machines, you can use [VPN EXTERNAL IP]:[VPN FORWARDED PORT]. The only thing you need to change is the IP address.
I hope this works for you and you are inspired to selfhost and take back power from those who stole it from us.
That’s not entirely true. A lot of requests, even with https, are send over HTTP/1.1. And this is kinda mind blowing that in 2025 we still rely on something so old and insecure…
Same goes with SMS and the old SS7 protocol from 1970… 2FA SMS is probably the most insecure way to get access to your bank account or what ever service promotes 2FA sms login.
Does that contradict what I said? Sure, HTTP 1 is still widely used, but without TLS you can’t use anything else.
For SMS we don’t have a choice, but if you configure your own web server you do have a choice.
I can’t believe SMS is still used for anything but sure OTP sent in text makes sure my account is secure Mr Bank.