Here is the nginx config on the VPS for redirecting requests to https://crypt.commoninternet.net to the tunnel (b1.net is locally assigned to the IP address of the tunnel via /etc/hosts).
location @reverseproxy__9--proxy {
proxy_pass https://b1.net;
proxy_redirect off;
proxy_set_header Host crypt.commoninternet.net;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
more_clear_input_headers 'Accept-Encoding';
}
# Support relative URLs
# Not needed for webroot
location / {
# Include SSOWAT user panel.
# include conf.d/yunohost_panel.conf.inc;
# No static files to serve
try_files /dev/null @reverseproxy__9--proxy;
}