You should have these lines in your Nextcloud’s config file:
'trusted_proxies' =>
array (
0 => '10.42.0.0/16',
1 => '103.21.244.0/22',
2 => '103.22.200.0/22',
3 => '103.31.4.0/22',
4 => '104.16.0.0/12',
5 => '108.162.192.0/18',
6 => '131.0.72.0/22',
7 => '141.101.64.0/18',
8 => '162.158.0.0/15',
9 => '172.64.0.0/13',
10 => '173.245.48.0/20',
11 => '188.114.96.0/20',
12 => '190.93.240.0/20',
13 => '197.234.240.0/22',
14 => '198.41.128.0/17',
15 => '2400:cb00::/32',
16 => '2606:4700::/32',
17 => '2803:f800::/32',
18 => '2405:b500::/32',
19 => '2405:8100::/32',
20 => '2c0f:f248::/32',
),
'forwarded_for_headers' =>
array (
0 => 'HTTP_CF_CONNECTING_IP',
),
If you already have Let’s Encrypt on the server, you won’t need the Origin certificate as well. Unless you want to replace your certificate with the Origin one that can have a 15 year expiration date.