Nextcloud image should bind port to instead of 40000:80

The nextcloud container is directly accessible from outside, aka it is possible to bypass the proxy (Apache)

  1. your nextcloud image bind the port 80 to
  2. IPTables is bypassed because Docker by default creates rules as early as nat PREROUTING

for instance,
I’m able to access https://ucs.domain.tld/nextcloud/login but also http://ipserver:40000/nextcloud/login

an easy way to fix that is to bind the port the loopback