You can do quick additional things:
docker run -t -d -p 127.0.0.1:9980:9980 -e “aliasgroup1=https://nextcloud.domain.online:443” --restart always collabora/code
This binds to localhost. You will have to use your reverse proxy to redirect your Collabora office URL to it.
Additionally, you can “map” the quoted xml file to a local file and change the contents of the file to only read from your local IP’s.
docker run -t -d -p 127.0.0.1:9980:9980 -v /local/docker/filepath/coolwsd.xml:/etc/coolwsd/coolwsd.xml:rw -e “aliasgroup1=https://nextcloud.domain.online:443” --restart always collabora/code
You also should add to your environment -e a username and password to further harden your “admin” Collabora path.