I think we’re lacking a feature for a complete docker integration: let’s call it “virtual host reverse proxy”.
This has been discussed on another thread and this one too, but I recall the current reverse proxy UI supports only URL paths. I.e. http://mysite/urlpath
We cannot mask a root path, like http://mysite/ and pass it to our docker container or whatever else.
On the firewall side, our latest Shorewall should come with improved Docker support and I hope this will help us a lot. But if we talk about ports 80 and 443, the httpd reverse proxy is the mandatory choice to keep the all-in-one design.