Your first configuration results in the following when I access nextcluod.domain.com from both within and outside the LAN:
400 Bad Request
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
This is an interesting response, because it's what I see when I try to access the server from 192.168.1.182:443 from within the LAN. Which, I assume, is to be expected when a port has TLS enabled -- one should access it from 192.168.1.182:80 instead; however, when I modify your suggestion to be from port 80, rather than port 443, it results in the usual
301 Moved Permanently
Moved Permanently
The document has moved https://nextcloud.domain.com:443/
Your second configuration results in the following when I access nextcloud.domain.com from both within and outside the LAN:
Client sent an HTTP request to an HTTPS server.
Side note: I do still have the original HTTPS setup with Let's Encrypt enabled on the Nextcloud server for domain.com. Is that causing the issue? I'd rather not disable that unless I need to, at the moment.