Push server is not a trusted proxy by Nextcloud running in Docker even after setting it as one in config.php

the message very clear reports what happened. The request from notify_push arrived on your reverse proxy 172.21.1.2 from the address 1.2.3.4 and was forwarded to Nextcloud. Depending on your setup this might be you public IP which is often used when you access public domain name from internal system.

You might find hints in the following threads: Setting up Files (High Performance Backend) and Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe