Apache SSL 지원 사이트에 대한 Nginx 역방향 프록시

여기에 게시된 것과 매우 유사한 질문이 있습니다.

Nginx 프록시 패스(역방향 프록시)를 사용하여 SSL로 Apache 호스팅 사이트 제공

서버 1 - nginx가 있고 자체 SSL 인증서(mail.mydomain.com)가 있는 메일 서버 서버 2 - Apache가 있고 자체 SSL 인증서(cloud.mydomain.com)가 있는 nextcloud

80/443 포트 전달 라우터를 내부 IP로 변경하면 두 사이트 모두 작동합니다.

nginx를 사용하여 nextcloud 사이트를 전달/역방향 프록시하고 싶은데 어떻게 해야 할지 모르겠습니다.

server {
 listen 80;
 listen [::]:80;
 server_name mail.mydomain.com;

 return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mail.mydomain.com;
    root /usr/share/nginx/roundcubemail/;
    index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }

  location ~ \.php$ {
   try_files $uri =404;
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }

          ####################################################################
          # SSL Stuff
          # https://mozilla.github.io/server-side-tls/ssl-config-generator/
          ####################################################################
          

          # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
          ssl_certificate           /etc/letsencrypt/live/mydomain.com/fullchain.pem;
          ssl_certificate_key       /etc/letsencrypt/live/mydomain.com/privkey.pem;
          ssl_session_timeout 1d;
          ssl_session_cache shared:SSL:50m;
          ssl_session_tickets off;


          # modern configuration. tweak to your needs.
          ssl_protocols TLSv1.2;
          ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
          ssl_prefer_server_ciphers on;

          # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
          add_header Strict-Transport-Security " max-age=15768000";

          # OCSP Stapling ---
          # fetch OCSP records from URL in ssl_certificate and cache them
         ssl_stapling on;
          ssl_stapling_verify on;


      ###################################
          # REVERSE PROXY LOCATION SETTINGS #
          ###################################
          location /calibre/ {
                proxy_pass http://192.168.1.83:8084/;
                proxy_set_header     Host            $host ;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https        on;
                proxy_redirect       off;
          }

          ##########################################################
          # Sonarr needs additional config regarding reverse proxy
          # Settings -> General -> URL Base: /sonarr
          ##########################################################
          location /sonarr/ {
                proxy_pass http://192.168.1.77:8989;
                proxy_set_header     Host            $host;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header     X-Forwarded-For      $proxy_add_x_forwarded_for;
          }

 location /sabnzbd/ {
                proxy_pass http://192.168.1.77:8080;
                proxy_set_header     Host            $host ;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https        on;
                proxy_redirect       off;
    }


}

cloud.mydomain.com이 작동하도록 하는 유일한 방법은 내부 IP에 대한 호스트 항목을 만드는 것입니다(분명히 이것은 내부 네트워크에서만 작동합니다).

nginx 구성에 무엇을 해야 합니까?