And once you have you domainname, you can do the following:
set up a reverse reverse proxy (apache, nginx) in front of nextcloud
in the configuration of apache/bginx use virtual hosts.
make sure that the default virtualhost (in apache, that is the the one that does not have “ServerName”) first in the configuration. Point that to a local website with just an empty directory
then, AFTER the default virtual host, add the reverse-proxy configuration of your nextcloud instance.
What this does, is that if somebody addresses your website with a URL that does not contain the exact hostname of your nextcloud, the webquery will go to the empty website and simply return a 404. A hacker who does a webrequest to “your-ip-address/login” will just get a “404 not found” and not reach your nextcloud instance.
This keeps people who just scan the internet for vulnerable systems and try out all kind of URLs to try to get in out of your nextcloud.
Of course, this only works if you keep the full hostname of your instance to yourself and do not post it somewhere (including social media, mailing-lists, …)