When using netFIELD Apps on hosts that are not supporting Hilscher's "netFIELD OS" operating system it is up to the end-user to implement an appropriate mechanism to expose the apps' Web UI ports (usually coming without https:// support) in a secure way.
The most effective and easy solution is to use an nginx reverse proxy (installable also as a container) as the secure bridge between the inner container "bridged" network and the host's network available from outside.
Nginx is able to offer a broad range of security controls that most likely match nearly all end-user needs: https://docs.nginx.com/nginx/admin-guide/security-controls/
The overall setup then may look like the following illustration shows: only a single nginx port needs to be exposed TLS secured as https:// and routes accesses to subordinate application containers