You’d use a reverse proxy to terminate SSL - if you’ll be accessing over HTTP only (which is not recommended or advisable if you’re putting it on the internet) then you can go direct.
You’d make the Docker containers share the same network - so your reverse proxy container would be the one that maps a port to outside, and then you’d proxy pass after SSL to the Xibo container on the internal Docker network. Its very neat 