Reverse proxy Nginx to a remote php-fpm server with fastcgi

I've got 2 AWS EC2 instances, one of which resides in a public subnet and is configured to act as a NAT instance, and runs Nginx. The other instance resides in a private subnet, but can communicate with the public one. The respective IP addresses of the instances are, for example:

• 172.25.48.14 - Nginx instance in a public subnet (172.25.48.0/28), has an Elastic IP assigned
• 172.25.48.140 - instance running php-fpm in a private subnet (172.25.48.128/28)

The thing is, I want this website to be accessible by a certain URL - I supposed Nginx to act as a reverse proxy server which maps requests to certain subdomains or URLs to respective resources. So, here is my Nginx configuration:

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;

    include /etc/nginx/mime.types;
    default_type text/html;

    proxy_headers_hash_bucket_size;
    access_log /var/log/nginx/access.log
    error_log /var/log/nginx/error.log

    server {
        listen 80;

        location ~ ^/site1(.*)$ {
            # These are commented out because no matter if specified or not the result is the same
            # index index.php;
            # try_files $uri $uri/ /site1/index.php?$request_uri;
            location ~ \.php$ {
                include fastcgi.conf;
                try $uri =404;

                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass 172.25.48.140:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
    }
}

And here is, respectively, the php-fpm pool configuration for the site in the private instance:

[site1]
user = www-data
group = www-data
listen = 172.25.48.140:9000
listen.allowed_clients = 172.25.48.14, 172.25.48.140, 127.0.0.1
php_admin_value[disable_functions] = exec, passthru, shell_exec, system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 10
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 8
pm.process_idle_timeout = 30s
pm.status_path = /php_status
ping.path = /ping
ping.response = wrrrrrrrrryyyyyyyyyyy
access.log = /var/log/php/8.3/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"

For the sake of simplicity let's assume I have only a single index.php file, which resides in the private instance as well at /apps/site1/, which has a symlink at /var/www/html/site1.

The problem is that no matter what I try, I get 404, and judging by the logs on the private instance side, the request doesn't even get there - even though I know I have the instance security groups configured properly and on the right ports, because otherwise I can connect from the private instance to the public one and vice versa without any problems. The only time I got a request through to the php-fpm (albeit a 404 as well) was when I moved the deep-most "location" lookup (the one that matches for the .php scripts) to the server top level - so basically the request went straight to 172.25.48.14, and not to 172.25.48.14/site1 as I intended.

Am I missing something? Could the issue be that the source files are located on the same instance as php-fpm, and not on the Nginx side? Am I getting the concept of how it works wrong? Please, if you have any ideas on this, I'll be extremely grateful for your help. Thanks in advance!