There are reverse proxy config examples in Nextcloud's documentation. Possibly you should take your problem to that community, because seemingly TrueNAS is working just as it should. While I use Nginx as the web server for my Nextcloud installation proper, I use Apache for all my reverse proxy needs and SSL handling. Intending to replace it with Caddy, but hey, only so much time ...
So while I cannot help you with the reverse proxy in Nginx maybe my Apache config gives you a hint or two.
Kind regards,
Patrick
P.S. You did consult the Nextcloud reverse proxy documentation, didn't you?
P.P.S. I always put links to official guides into my config files as comments, so years later I know where that came from.
Code:
# HTTP default vhost handling - essentially Letsencrypt
<VirtualHost _default_:80>
# Permit access for Letsencrypt challenge/response
Alias /.well-known/acme-challenge /usr/local/www/dehydrated
<Directory /usr/local/www/dehydrated>
Options None
AllowOverride None
Require all granted
</Directory>
# Redirect all other requests to HTTPS
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
RewriteRule (.+) https://%{HTTP_HOST}$1 [L,R=301]
</VirtualHost>
# https://docs.nextcloud.com/server/21/admin_manual/configuration_server/reverse_proxy_configuration.html
<VirtualHost *:443>
ServerName cloud.my.domain
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://192.168.1.53/
ProxyPassReverse / http://192.168.1.53/
<Location />
Require all granted
</Location>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
SSLEngine on
SSLCertificateFile "/usr/local/etc/dehydrated/certs/cloud.my.domain/cert.pem"
SSLCertificateChainFile "/usr/local/etc/dehydrated/certs/cloud.my.domain/chain.pem"
SSLCertificateKeyFile "/usr/local/etc/dehydrated/certs/cloud.my.domain/privkey.pem"
</VirtualHost>