the message very clear reports what happened. The request from notify_push arrived on your reverse proxy 172.21.1.2 from the address 1.2.3.4 and was forwarded to Nextcloud. Depending on your setup this might be you public IP which is often used when you access public domain name from internal system.
You might find hints in the following threads: Setting up Files (High Performance Backend) and Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe