Proper SELinux configuration (more than in the manual)

So on the SELinux configuration page, they suggest SELinux contexts to set at the top and then I noticed they said the following at the bottom:

It is much stronger security to have a more fine-grained ruleset as in the examples at the beginning, so use this only for testing and troubleshooting. It has a similar effect to disabling SELinux, so don’t use it on production systems.

Does anyone have experience with such a fine-grained ruleset for Nextcloud? When I take a look at the directory structure I cannot really imagine what folders/files can do away with the rw context. They say the following directories should have rw: /var/www/html/nextcloud/data, /var/www/html/nextcloud/config, and /var/www/html/nextcloud/apps. Data is obvious, since you need to write new data. I guess you could do away with the config directory and only allow rw on config.php, but what about the apps? And what security will you gain by having a more fine-grained ruleset?

For reference I am running Fedora 32 and nginx as a webserver.

Basically, what SELinux ruleset does the community use and why?