Let me describe a little trick I use to access Let's Encrypt certificated web sites that are internal. Let's say I own example.com and I want to access a web site called www.example.com only internally. On my name server (external) I create an A record (or maybe a CNAME record) which points to my external IP address, let's say 1.2.3.4.

On my firewall I open port 80 and point it at my web server, and allow Let's Encrypt and certbot to combine with my nginx web server to generate certificates for the www.example.com domain.

Internally I set the DNS server up so that if I query for www.example.com internally it returns the IP of my internal web server (let's say that sits at IP address 192.168.1.10). Now if outside my office I try to go to https://www.example.com I get connection refused, but inside my office I get my web site appearing in the browser and it says the site is secure with a valid certificate.

Now this web server is actually a Synology NAS, although that is not very important except that it also hosts an OpenVPN server connecting on port 1149 and using the subnet of 10.8.0.0/24. So I also open 1149 on my firewall and forward it to the same server.

On setting up this OpenVPN tunnel the NAS exports a .openVPN client file for me that I can use to configure my clients with.

Here are the uncommented lines in that file, with the exception of the actual certificates and after I've edited the "remote" option:

dev tun
tls-client
remote 1.2.3.4 1194
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
CERTIFICATE HERE
</ca>

It is my understanding I could uncomment #redirect-gateway def1 to get all internet traffic down the tunnel and that would, I think, solve my issue of how to present www.example.com as an internal address, although I am not sure if I need to uncomment this option #dhcp-option DNS 192.168.1.10. What does it do? It's unclear.

I've also seen a post on here that says to add the following to the .openvpn file:

allow-pull-fqdn
route  www.example.com       vpn_gateway
route-nopull

but again I am struggling to understand precisely what this does.

I have read this document https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage but, like a lot of manuals like this, it already assumes you know what you are doing; it doesn't really go in depth on what it actually does.

Lastly, I don't understand where the 10.8.0.0/24 goes in all of this. It's not mentioned in this file. Does the client get that sent back as part of an initial protocol exchange with the server? I have OpenVPN on my phone and use it in another context, and it does assign a "private" address to my phone's network from that range.
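The following is an added example, not part of the question or of the Synology/OpenVPN software: a small static checker that parses a client profile like the one quoted above and reports what it would do to the client's routing and DNS, so the effect of uncommenting `redirect-gateway def1` or `dhcp-option DNS`, or of adding the `route ... vpn_gateway` / `route-nopull` lines, can be seen before connecting. The sample profile is constructed from the directives quoted in the post (with `CERTIFICATE HERE` standing in for the CA). The 10.8.0.0/24 tunnel address itself is not in the client file at all: the server's `server 10.8.0.0 255.255.255.0` directive allocates it, and the client receives its address as a pushed `ifconfig` option during the `pull` exchange, which is why only server-side settings mention that range. The checker also flags settings worth reviewing from a defender's point of view (compression, script execution, renegotiation disabled).

```python
"""Static checker for an OpenVPN client profile (added example, not the post's code)."""

# Constructed sample: the quoted directives plus the two commented-out candidates.
SAMPLE_PROFILE = """\
dev tun
tls-client
remote 1.2.3.4 1194
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
#redirect-gateway def1
#dhcp-option DNS 192.168.1.10
<ca>
CERTIFICATE HERE
</ca>
"""


def parse_profile(text):
    """Return a list of (directive, args) pairs from an OpenVPN profile.

    Comment lines (# or ;) are skipped. Inline <tag>...</tag> blocks such as
    <ca> collapse into a single (tag, ['<inline>']) entry, so certificate
    material is never interpreted as directives.
    """
    entries, in_block = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                       # inside <ca>, <cert>, <key>, ...
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":    # blank or commented out
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            in_block = line[1:-1]
            entries.append((in_block, ["<inline>"]))
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def analyse(entries):
    """Summarise the routing/DNS effect of the profile and flag review items."""
    directives = {}
    for name, args in entries:
        directives.setdefault(name, []).append(args)

    report = {
        "all_traffic_via_vpn": "redirect-gateway" in directives,
        "local_routes": [tuple(a) for a in directives.get("route", [])],
        "ignore_server_routes": "route-nopull" in directives,
        "dns_server": None,
        "warnings": [],
    }
    for args in directives.get("dhcp-option", []):
        if len(args) >= 2 and args[0].upper() == "DNS":
            report["dns_server"] = args[1]

    if report["all_traffic_via_vpn"]:
        report["mode"] = "full tunnel: default route replaced by the VPN"
    elif report["ignore_server_routes"]:
        # route-nopull: routes and DHCP options pushed by the server are ignored,
        # only the 'route' lines in this file are installed (hostnames such as
        # www.example.com are resolved by the client at connect time).
        report["mode"] = "split tunnel: only the local 'route' lines go via the VPN"
    else:
        report["mode"] = "split tunnel: only routes pushed by the server go via the VPN"

    if report["dns_server"] and "up" not in directives:
        # Windows applies dhcp-option to the TAP adapter; other platforms only
        # hand it to an --up script via foreign_option_N, so without one it is ignored.
        report["warnings"].append("dhcp-option DNS only takes effect on Windows or via an --up script")
    if "comp-lzo" in directives or "compress" in directives:
        report["warnings"].append("compression enabled (comp-lzo/compress): deprecated, disable it")
    if any(int(a[0]) >= 2 for a in directives.get("script-security", []) if a):
        report["warnings"].append("script-security 2 permits external scripts to run on connect")
    if ["0"] in directives.get("reneg-sec", []):
        report["warnings"].append("reneg-sec 0 disables periodic key renegotiation")
    return report


def analyse_text(text):
    """Convenience wrapper: parse then analyse a profile string."""
    return analyse(parse_profile(text))


if __name__ == "__main__":
    for key, value in analyse_text(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```

Running it on the sample as quoted reports a split tunnel with no DNS override; uncommenting the two lines turns it into a full tunnel whose DNS points at 192.168.1.10, and adding the three `allow-pull-fqdn` / `route` / `route-nopull` lines yields a split tunnel that sends only www.example.com through the VPN while ignoring anything the server pushes.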
