I’m not deep into the WOPI protocol details… but I’m under impression the integration only works if domains of both system match. There no “open access” to all you files through the WOPI server… The access works in a way an authenticated user tries to edit a file, the cloud generates a unique URL including a token aka password to access this file through WOPI system and only using this URL it’s possible to access the file (for some time?). WOPI access list provides another level of protection reducing attack vector through leaked URLs… take a look at Collabora integration guide I referenced details to WOPI protocol as well.
definitely a good idea to check real-ip for systems running behind reverse proxy. Would be great you file an issue at Issues · nextcloud/richdocuments · GitHub