The proxy is bypassed for Coturn and WebRTC traffic as you forward port 3478 directly. So traffic goes as this:
- Browser Nextcloud access => Nginx => backend webserver => Nextcloud
- Browser Coturn/WebRTC access => Coturn => other video call client browser (Nginx not used at all)
- The browser gets Coturn access details and authentication token from Nextcloud when you start a video call, but then establishes a completely independent WebRTC connection using a different protocol which is not even understood by Nginx/webservers.