I’m not familiar with the BT Home Hub, but if you can’t create a NAT rule, then maybe you can do a port forward. I’m not sure about just “opening ports,” but maybe you’re referring to port forwarding which I think is what you’ll want to do. If you forward both ports 80 and 443 to the IP address of your nextcloud server, it’s not a security risk (assuming you follow the security recommendations when you set up Nextcloud).
Routing from the LAN is different than routing from outside. Instead of using Redirect in Apache, I would suggest using this method for redirection, that way you can access nextcloud by the internal IP address from devices on your LAN, and from the hostname from outside. This requires the apache mod_rewrite module to be enabled:
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]
It won’t be simple to change the data location now that you’ve already set it up, and don’t count on symlinks.