We need to install a reverse proxy on the machine exposed to the internet to access Nextcloud.
<VirtualHost *:80>
    ServerName <cloud.yourdomain.com>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    RewriteCond %{SERVER_NAME} =<cloud.yourdomain.com>
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName <cloud.yourdomain.com>
    ServerAdmin you@yourdomain.com
    php_value date.timezone "your/timezone"
    ErrorLog ${APACHE_LOG_DIR}/nc-error.log
    CustomLog ${APACHE_LOG_DIR}/nc-access.log combined
    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
    RewriteEngine On
    ProxyPreserveHost On
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    AllowEncodedSlashes NoDecode
    
    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    ProxyPass / http://your.nas.ip.addr:11000/ nocanon
    ProxyPassReverse / http://your.nas.ip.addr:11000/
    
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
    RewriteRule .? "ws://your.nas.ip.addr:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    # Enable h2, h2c and http1.1
    Protocols h2 h2c http/1.1
    
    # Solves slow upload speeds caused by http2
    H2WindowSize 5242880
    # TLS
    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder     off
    SSLSessionTickets       off
    # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
    # In this case the subdomain should already be secured without additional actions
    SSLCertificateFile /etc/letsencrypt/live/cloud.yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.yourdomain.com/privkey.pem
    # Disable HTTP TRACE method.
    TraceEnable off
    <Files ".ht*">
        Require all denied
    </Files>
    # Support big file uploads
    LimitRequestBody 0
    Timeout 86400
    ProxyTimeout 86400
</VirtualHost>
sudo a2enmod http2 systemctl restart apache2
sudo docker run \ --init \ --sig-proxy=false \ --name nextcloud-aio-mastercontainer \ --restart always \ --publish 8080:8080 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ --env APACHE_ADDITIONAL_NETWORK="" \ --env SKIP_DOMAIN_VALIDATION=false \ --env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data" \ --env NEXTCLOUD_MOUNT="/volume1/" \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ ghcr.io/nextcloud-releases/all-in-one:latest
nextcloud-aio-mastercontainer in Container Manager of your Synology DSMnextcloud-aio-mastercontainer in Container Manager, but not any other containerhttps://your.nas.ip.addr:8080 and follow the on-screen instructions in Nextcloud AIO to setup all related Nextcloud containersadmin, take the temporary password from the nextcloud-aio interfaceadmin/volume1/@docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php sudo docker ps sudo docker logs -f nextcloud-aio-mastercontainer sudo docker logs -f nextcloud-aio-apache
/etc/passwd and /etc/group