HTTPS questions and problems

First a bit technical details:

Ubuntu 18.04
Nextcloud - apache2

Im not entirely sure how to do this.

I have my router set to forward a port 3456 to that internal IP adress

I consider using a selfsigned cert as the letsencrypt wont fetch for some reason ( its giving me error of possible firewall issue )

Anyway the documentation tells me to use redirect permanent in a file.
I take it that its the nextcloud.conf file in my /etc/apache2/sites-available that its talking about ?
Its a bit tricky when it doesn mention exactly which files to edit.
Do i need to specify the port in the redirect part ? And should i open an extra port on the router ??
Is it simply the local server listening to another port ( https instead of http ) so i wont need to redirect even another port in the router ?

A side question is: Which ports should i have opened in its local firewall once im done ?? 80 433 and what else ? Im using teamviewer to remote access it for the time being ( as i work on it while at work )

You are correct, it is in there.

No. It is the port in your Listen Directive.

No. The router’s config should contain the port your Nextcloud instance is listening on.

Please read this part carefully, as it will explain it quite nicely.