it’s definitely possible, my docker setup I don’t expose the application container at all (because I don’t want to care about TLS certificates in multiple places), so I try to make external and internal traffic flow almost same…
my setup is more like this:
I see some advantages in such setup:
- all clients follow the same path (logging, monitoring)
- all clients see the same TLS cert
- no need to expose NC container even to internal clients (valid TLS cert, security headers, maybe reverse proxy adds some security measures)
there might be disadvantages as well but I don’t see any at the moment