For standard ssl 443 port (which works):
port 443 (internet) => 443 to 1621 (router) => ngnix (letsencrypt) "listen 443 ssl" map to nextcloud docker
My dream :
port 51123 (internet) => 51123 to 1621 (router) => ngnix (letsencrypt) "listen 51123 ssl" map to nextcloud docker. I change opposite the other solution above only the nextcloud.subdomain.conf (letsencrypt docker) row "listen 51123 ssl"
But I try some different settings. Now I could narrow the problem a litte bit. Problem is the nextcloud "ngnix" settings not letsencrypt docker. I tested to forward port 51123 directly (without reserve proxy (letsencrypt docker) ) to nextcloud => same error: "403 Forbidden nginx/1.16.0" ... so its an config issue in nextcloud docker but where I should config that, I am a litte bit confused now...
Edit:
OK my "noob" problem solve partially:
setting in nextcloud config.php under "trusted domain":
'trusted_domains' =>
array (
0 => 'xx.xx.xx.xx:51123', (internal ip)
1 => 'my.domain.com:51123', (domain)
2 => 'xx.xx.xx.xx:51123', (external ip)
BUT works only for internal and external ip not for domain!