there are two possible nginx container you might be talking about.
the nextcloud image with php-fpm only has php “onboard”. but fpm-php can’t handle static html and css. in this scenario nginx is serving html & css. all requests for php pages are uploaded to the fpm-php container. but that container only talks http.
to talk ssl/tls you need certificates. if you use letsencrypt they have to renewed regularly. so people build a nginx+letsencrypt container with certificate auto renew.
kind of job sharing. 1. handles nextcloud. 2. handles https.
of course you can combine both. but than you have to be a nextcloud expert and a letsencrypt expert to maintain that dockerfile. and you have to use letsencrypt certificates where you want to use versign certs. so better t keep things separated.
and if you want to run other container with web service (wordpress, joomla, …) on that host things are getting even more complicate.
p.s.: in my playbook you can choose apache or nginx/fpm-php to run nextcloud. but i put traefik in front of it. if you want to add other web services to your host you just have to tag that container and traefik will get certificates and add a route to that container.if traefik can’t get letsencrypt certifcates it uses selfsigned ones. automatically.