You don't want the Nextcloud to be public for everyone, then I'd go the Tailscale route without a VPS. Just connect your server and phone.
If you want it to be public, then I'd still use Tailscale and do it like the other comment suggested.
Reverse proxy on VPS connected to Tailscale, proxies the traffic through the tailnet to your server. That's what I'm doing btw.
Yeah, I did not know it is that bad....