Next in my docker journey was to bring up SWAG - Secure Web App Gateway. It's a container from Linuxserver.io that combines nginz reverse proxy setup with LetsEncrypt acme client to provide a secure front-end to self-hosted web apps. When SWAG is built in a docker-compose with web apps, it provides a secure (contained within a docker network) backend as well as HTTPS to all client connections.
SWAG provides a bunch of predefined app-specific proxy config files. Of course, there isn't one for tiki so I made one by modifying an existing sample for a subdomain.confg. Code for that is below.
When I first fired it up, I was directed to the default SWAG landing page. Some research reminded me that SWAG talks to the app via the internal network/port, not the external host & ports. I had mistakenly set the upstream port to the external port I had defined for the tiki container. Changing this to use port 80 against the container name fixed this.
I was also concerned that I needed to configure tiki with a cert in ordr to get a clean SSL experince for the client. But nginx handles this nicely as the proxy server. Very nice.