Your first configuration results in the following when I access nextcloud.domain.com from both within and outside the LAN:
```
400 Bad Request
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
 Instead use the HTTPS scheme to access this URL, please.
```
This is an interesting response, because it’s what I see when I try to access the server from 192.168.1.182:443 from within the LAN. Which, I assume, is to be expected when a port has TLS enabled – one should access it from 192.168.1.182:80 instead; however, when I modify your suggestion to be from port 80, rather than port 443, it results in the usual
```
301 Moved Permanently
Moved Permanently
The document has moved https://nextcloud.domain.com:443/
```
Your second configuration results in the following when I access nextcloud.domain.com from both within and outside the LAN:
```
Client sent an HTTP request to an HTTPS server.
```
Side note: I do still have the original HTTPS setup with Let’s Encrypt enabled on the Nextcloud server for domain.com. Is that causing the issue? I’d rather not disable that unless I need to, at the moment.