Hi Tulpenknicker, thanks
That would also be my preffered solution. Unfortunately there is the following problem: I can only specifiy a single URL which then gets passed to the Javascript/HTML user interface and the Document server.
Therefore specifying a private IP instead of the URL breaks the user interface for all my remote users. Not good at all.
Well, I’m stubborn 
So I took some inspiration from the Wiki and tried it anyway with the following rule:
Source: IP 10.0.0.2 (the client)
Destination: IP 10.0.0.1 (the webserver)
NAT: Source NAT, new Source ORANGE
Protocol: HTTPS
Of course IPFire complained:
The last generated rule may never match, because source and destination subnets may overlap.
Please double-check if this rule makes sense: Source: 10.0.0.2/32 Target: 10.0.0.1/32
But it works fine now!
Obviously I don’t know how exactly this works. So I would appreciate it if someone could explain this to me (or at least confirm that it is safe).