I think this order should avoid the issues you got:
- Set networks to red and green for correct gateway config
- Request a Let's Encrypt certificate including all your used domains (vhost domains, Collabora domain) so Nextcloud/Collabora has its needed cert
- Install AD
- Create vhosts
- Install Nextcloud and add a trusted domain if you do not use the FQDN of the NethServer
- Install Collabora
As regards data from the old SME server, it may be enough to rsync it to the NethServer with the rsync-migrate script or manually if you only need specific data.
Squid is documented here; maybe you want to add a Web Filter.
Related links: