Look at reverse proxy instead. While you can do what you’re after with DNS, a bunch of the reverse proxy systems will automatically deal with SSL certificate, and there are even a couple that eliminate essentially all configuration outside of your docker file. Like, add a new docker and it automatically configures appName.domain.tld with SSL assigned. And if you ever decide to expose that address to the Internet, reverse proxy makes that simple and provides some security options as well.
I use Caddy for my reverse proxy running from my OPNsense firewall, but if you want the automation with docker there are better options.
I am a rhythm game enjoyer, I’ve genuinely played Cytus. At this point I’d consider the best mobile rhythm game, but I don’t play it often as I’m not stuck playing only on a phone that often. Like, only play it on airplanes sometimes. I did fiend it for a bit when I first discovered it (10 years ago already?). Much easier to master than any other rhythm game I’ve played, might be part of why I don’t play it more.