外网nginx 代理（vpn）到 内网 配置，实现外网的访问内网 （亲测可以实现）；

外网安装 vpn服务，内网接入vpn；

外网通过nginx 代理到内网（nginx）；

#外网nginx代理
server {
        listen       80;

        server_name  *.test.xxxx.com;

        charset utf-8;

        location / {
                    #root            /var/www;
                    #index           index.jsp;            
                    proxy_pass      http://10.0.0.2:80/;
                    include proxy.conf;
        }
 }

# 代理配置文件 proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr; #获取真实IP
proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for; #获取代理者的真实ip
proxy_set_header X-Forwarded-Proto http;
proxy_set_header         X-Scheme $scheme;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

内网（nginx）负责将代理请求分发到不同的服务器（以tomcat为例）上；

#内网的nginx 代理配置（负责转发）

server {
        listen       80;

        server_name  family.test.xxxx.com;

        charset utf-8;

        #access_log  logs/host.access.log  main;

        location / {
                #root /www/example1.com;
                #index index.html index.htm;
                proxy_pass  http://zdy_balancer;
                include /etc/nginx/proxy.conf;
        }
}

upstream zdy_balancer {
    server 192.168.2.201:80; #指向了tomcat服务主机
}

#内网nginx的代理配置 proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr; #获取真实IP
proxy_set_header       X-Forwarded-For   $proxy_add_x_forwarded_for; #获取代理者的真实ip
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

tomcat 服务的配置

#tomcat（192.168.2.201） 服务配置 server.xml
#虚拟主机
 <Host name="family.test.xxxx.com"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
		<Context path="" reloadable="true" docBase="/var/www/webroot/family_platform"/>
        <Context path="/resources" reloadable="true" docBase="/var/www/resources/family_platform"/>
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="family_access_log." suffix=".log"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

以上亲测可以实现