I finally succeeded in deploying a hub using Traefik and docker-compose. Traefik acts as a reverse proxy and automatically obtains and installs LetsEncrypt SSL certificates for you. Ideally this will allow people to deploy a hub with almost a single command. It would allow the Hubzilla developers to maintain the system dependencies and things like database optimizations. There are still some things to work out, including the cron job and the DNS issue with the database container address (merge request submitted).
 
Still working on this thing. The primary challenge is the fact that we have these DNS checks that fail from the docker container for some reason, but I can't bypass them using the existing Hubzilla config settings because those can only be added to .htconfig.php prior to database creation. But, if .htconfig.php exists, the hub setup is skipped because it assumes the database has been installed. My solution is to hack around this by installing the database schema via shell script when the container is initally started (if it does not already exist), and to generate the .htconfig.php in the Dockerfile, substituting or generating the relevant info. This should allow the admin to just immediately to the registration step based on the admin email they specified in the docker-compose parameters.
  
This is why there is .htpreconfig.php
  
That doesn't help the DNS check that fails when you do the admin account registration. At that point, the database has been installed and a new .htconfig.php generated. The only way you can add the config to disable DNS check after the web-based setup process is by modifying the Hubzilla code which I didn't want to do.