Cool, so all of my apps are now built inside docker containers and the built static files are shared via docker volumes with the internal nginx container, which no longer does ssl and is no longer externally exposed.
Great success.
Now I just need to update all of the build.sh scripts such that docker compose restarts the services that have changes.