I am currently planning to set up Nextcloud as it is described in https://help.nextcloud.com/t/nextcloud-docker-compose-setup-with-caddy-2024/204846 and make it available via Tailscale.
I found a Tailscale reverse proxy example for the AIO version: https://github.com/nextcloud/all-in-one/discussions/5439, which also uses Caddy as reverse proxy.
It might be possible to adjust it to the nextcloud:fpm stack.
But it might also be possible to use the built-in reverse proxy of the Tailscale sidecar by using a TS_SERVE_CONFIG. In this JSON file the multiple paths (/push/* and the / root) can be configured and can redirect to the right internal DNS name and port (notify_push:7867 and web:80): https://tailscale.com/blog/docker-tailscale-guide
Has anyone done that? Can someone share a complete example?
I kind of followed the tutorial, but changed the Tailscale configuration to how it is advised by Tailscale in their blog about Tailscale in Docker. It is running fine for me.
compose.yml:
```yaml
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # do not change
      - /var/run/docker.sock:/var/run/docker.sock:ro # do not change
    networks:
      - nextcloud-aio
    ports:
      - 8091:8080
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 127.0.0.1
      SKIP_DOMAIN_VALIDATION: true

  nc-caddy:
    image: caddy:alpine
    container_name: nc-caddy
    restart: always
    environment:
      NC_DOMAIN: nc.tailnet.ts.net
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/caddy_data:/data
      - ./caddy/caddy_config:/config
      - ./caddy/caddy_certs:/certs
      - ./tailscale/tailscale_sock:/var/run/tailscale/:ro
    network_mode: service:nc-tailscale
    labels:
      - com.centurylinklabs.watchtower.enable=true

  nc-tailscale:
    image: tailscale/tailscale:latest
    container_name: nc-tailscale
    restart: always
    init: true
    environment:
      - TS_HOSTNAME=nc
      - TS_AUTH_KEY=tskey-auth-xxx
      - TS_EXTRA_ARGS=--advertise-tags=tag:container
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - ./tailscale/config:/config
      - ./tailscale/tailscale_sock:/tmp
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    networks:
      - nextcloud-aio
    labels:
      - com.centurylinklabs.watchtower.enable=true

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

networks:
  nextcloud-aio:
    name: nextcloud-aio
    driver: bridge
    enable_ipv6: false
```
Caddyfile:
```
https://{$NC_DOMAIN}:443 {
    reverse_proxy nextcloud-aio-apache:11000
}
```
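
The reply's Caddyfile targets the AIO Apache container; the sketch below adapts it to the nextcloud:fpm stack from the question, with its two routes (/push/* and /). This is an added example, not part of either post and not tested against that stack: the upstream names `notify_push:7867` and `web:80` are taken from the question, and it assumes Caddy shares the Tailscale container's network namespace and socket mount as in the compose.yml above, and that both upstreams resolve on a network the Tailscale container is attached to.

```caddyfile
# Added example: fpm-stack variant of the Caddyfile above.
# NC_DOMAIN is the tailnet name set in compose.yml (e.g. nc.tailnet.ts.net).
# Caddy listens only inside the nc-tailscale network namespace
# (network_mode: service:nc-tailscale), so the site is reachable
# from the tailnet and not from the host's LAN interface.
https://{$NC_DOMAIN}:443 {
    # notify_push is served under /push/; handle_path strips the
    # /push prefix before proxying, so the upstream sees "/..." paths.
    handle_path /push/* {
        reverse_proxy notify_push:7867
    }

    # Everything else goes to the web container of the fpm stack.
    handle {
        reverse_proxy web:80
    }
}
```

For `*.ts.net` names Caddy requests the certificate from the local Tailscale daemon, which is why the compose file mounts the Tailscale socket read-only into the Caddy container.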