We’ve generally worked with/recommend an ssl termination point outside of the local container - keeps everything decoupled and you can mitigate bad actors outside of your app logic - nginx is great at that.