It’s not so much about the ports, its about what you’re running that’s accessible to the public.

If you have a single website on 443 and SSH on 22 (or a non-standard port like 6543) you’re generally considered safe. This is 2 services and someone would need to attack one of the two to get in.

If you have a VPN on 4567 and everything behind the VPN then someone would need to hack the VPN to get in.

If you have 100 different things behind 443 then someone just needs to find a hole in one to get in.

Generally ssh, nginx, a VPN are all safe and they should be on their own ports.

NC is kind of a pain to run and tries to do far to much. I’d pick different software to run than adding addons to nextcloud.

That being said, I add contacts and calendar and use it to sync to my PC/Phone