Just enough working example of Nextcloud instance.
Headers, .well-known rewrite rules and redirects are tweaked a little bit to pass Nextcloud security checks.
<VirtualHost *:80>
ServerName nextcloud.example.com
DocumentRoot /var/www/nextcloud
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure;SameSite=Strict"
</IfModule>
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^\.well-known/host-meta /var/www/nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /var/www/nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/webfinger /var/www/nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^\.well-known/carddav /var/www/nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /var/www/nextcloud/remote.php/dav/ [R=301,L]
</IfModule>
Redirect 301 /.well-known/carddav https://nextcloud.example.com/remote.php/dav
Redirect 301 /.well-known/caldav https://nextcloud.example.com/remote.php/dav
Redirect 301 /.well-known/webdav https://nextcloud.example.com/remote.php/dav
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
