The test environment is set up with several Docker containers with a reverse proxy in front of them, all on a single virtual machine (VM).
The main domain is maiv1.incubator.geant.org; the wildcard domain *.maiv1.incubator.geant.org is also registered, which allows any number of subdomain virtual hosts.
Virtual host certificates are obtained using acme.sh: https://github.com/acmesh-official/acme.sh
The Git repo of the whole setup is available internally here: https://gitlab.software.geant.org/TI_Incubator/saml-signature-validation-test-env
...