Well, you really have three options with Nextcloud:
- Use the plugin, and take what you get. It's by far the easiest way to initially install Nextcloud, it gets you something up and running quickly, but the configuration is suboptimal (at best), and there's no good way to change it. It's better than it was--it took them six months, but they finally merged my PR that at least gives you a usable system on installation--but I agree with you that https should be included as standard*, even if it's only using a self-signed certificate.
- Use my script. I'm obviously biased, but I think this is the best choice for most users. It gives you an optimized installation using a modern web server that automatically handles SSL (including obtaining and renewing certificates from Let's Encrypt automatically) with a strong configuration, optimizes the database, etc., and is still a standard environment so that updates and modifications are possible.
- Do a manual installation. There are some good guides here (@dureal99d and @samuel-emrys are two; the former was the basis for my script when I first wrote it), but yes, it's a lot more work. Installing Nextcloud itself is actually pretty simple; what's much more involved is getting all its dependencies installed and working, because Nextcloud is a pretty complicated piece of software. But if you want to roll your own, the Nextcloud docs tell you what it needs (web server options, database options, PHP requirements), and then you can run down the rabbit hole on all of those. But if you're choosing to do it the hard way, well, it's going to be hard.
None of these is going to handle the remote access piece, of course, because that can't be controlled on your FreeNAS box, and there are also multiple ways it could be done (port forwarding to the jail is the simplest, but some folks like to set up a reverse proxy elsewhere to point to various internal applications).
* A case where you might
not want https as standard would be if your intended remote access solution was to place your Nextcloud installation behind a reverse proxy. In that case, the proxy would (or at least could) handle TLS termination, and leave LAN traffic unencrypted.