I am making this post mostly for awareness in case anyone else is having a similar issue.

Story

I am running nextcloudpi (nextcloudpi.ownyourbits.com) on a Raspberry Pi 4 8GB using the Debian Buster install script. Note: the OS is Raspberry Pi OS Bullseye 64bit. The install would succeed and tell me to navigate to https://<rpi_ip>/ or https://raspberrypi/ etc. As soon as I did that it would immediately return with a 403 Forbidden. I looked all over and everyone kept pointing to the "trusted_domains" config or the "trusted_proxy", basically trying to use the config file to fix the problem. However, I came to realize that the issue did not lie with the nextcloudpi (ncp) install but rather with apache2.

Well, I reinstalled Raspberry Pi OS and then installed nextcloudpi again fresh. Then, before navigating to https://<rpi_ip>/ I instead went to go check out the activation script located at /etc/apache2/sites-enabled/ncp-activation.conf There is where I found this code block:

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  ...
</RequireAny>

I now could see that my issue lied with this because my ip address pool did not start with 192.169, or 172, or 10. I had made my ip addresses custom for this virtual network and therefore the activation script would never work. All I had to do was add:

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  Require ip 123
  ...
</RequireAny>

After that, the activation worked and I was able to get the initial passwords for the account and continue the initial setup.

tl;dr

Problem

• Initial load after installing NextCloudPi resulted in 403 because the IP address of the nextcloudpi install was custom and did not start with 192.168, 172, or 10.

Solution

• After installation completes, open /etc/apache2/sites-enabled/ncp-activation.conf and add the first octet of the custom IP address, or you can tighten the scope by adding the second and third octets too.

I.e ->

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  # Add this line but change 123 to your custom ip pool's first octet
  Require ip 123
  # Or this to tighten scope of the ip range
  Require ip 111.222.333
  ...
</RequireAny>

• Initial findings that pointed me in this direction : https://github.com/nextcloud/nextcloudpi/issues/408#issuecomment-365589838

• NextCloudPi : https://ownyourbits.com/nextcloudpi/#content_start

Answer is in the original post but I am posting it again here

Problem

• Initial load after installing NextCloudPi resulted in 403 because the IP address of the nextcloudpi install was custom and did not start with 192.168, 172, or 10.

Solution

• After installation completes, open /etc/apache2/sites-enabled/ncp-activation.conf and add the first octet of the custom IP address, or you can tighten the scope by adding the second and third octets too.

I.e ->

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  # Add this line but change 123 to your custom ip pool's first octet
  Require ip 123
  # Or this to tighten scope of the ip range
  Require ip 111.222.333
  ...
</RequireAny>