How to Reverse Proxy with URL Rewriting and Trailing Slash with NGINX

Question

I have a reverse proxy setup with NGINX and behind my reverse proxy, I have two VPN Servers; one for students and one for admin, which requires UI access for management purposes.

Student's VPN UI:  192.168.101.10:443
Admin's VPN UI:    192.168.101.6:443

In production, I have only one single DNS name vpn.internal.example.com and I am trying to create a reverse proxy based on the specified trailing slash:

Incoming Request:
https://vpn.internal.example.com/students/foo/bar -> https://192.168.101.10/foo/bar
https://vpn.internal.example.com/admin/foo/bar    -> https://192.168.101.6/foo/bar

Basically, any incoming request should be Proxy_pass without the URI to the internal VPN Server's but when the request is sent back to the user, the trailing slash should be amended.

Returning Request:
https://192.168.101.10/foo/bar ->   https://vpn.internal.example.com/student/foo/bar
https://192.168.101.6/foo/bar  ->   https://vpn.internal.example.com/admin/foo/bar

I was hoping that this simple configuration would do the trick, I'm only showing a portion of the config for simplicity:

upstream vpn-student {
    server 192.168.101.10:443;
}

server {
    listen 443 ssl;
    ...

    server_name vpn.internal.example.com;
    location /student/ {
        proxy_pass https://vpn-student/;
        proxy_ssl_verify off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Accept-Encoding "";
        sub_filter "https://vpn-student/" "https://vpn-student/student/";
        sub_filter_once off;
    }
}

I tried using the sub_filter option as shown in this post. But didn't have much success.

Also, sometimes when I type vpn.internal.example.com/students/ the web URL reverts back to vpn.internal.example.com

Perhaps someone could shed light on How to solve this issue? Thank you!