adding Profile file as env to front-end

config/local-testing/front-end/default.conf.org

+upstream ui_server { server ui-api:8080; }
+upstream ws_server { server srg:7681; }
+upstream ps_server { server public-safety:50005; }
+###upstream ic_ps_server { server public-safety-ic:50004; }
+upstream otp_server { server ipgallery-mcz.com:8099; }
+upstream kibana_server { server kibana:5601; }
+upstream camera_stream { server 62.90.201.74:9081; }
+upstream camera_api { server 62.90.201.74:9090; }
+upstream public_safety_camera { server 24.172.188.211:16000; }
+upstream transportation_server { server transportation:50035; }
+upstream parking_server { server parking:50055; }
+upstream analytics_server { server analytics:50080; }
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+#    client_max_body_size 0;
+    map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+    }
+
+    # List of application servers
+    #upstream ui_server {
+    #    server 172.16.1.151:8080;
+    #}
+    #upstream ws_server {
+    #	server 172.16.1.97:7681;
+    #}
+    #upstream ps_server {
+    #	server 172.16.1.97:7681;
+    #}
+
+server {
+    # new configuration for latest lets-encrypt support
+	# SSL configuration
+	#
+	#	listen 443 ssl default_server;
+
+    #	root /config/www;
+    #	index index.html index.htm index.php;
+
+    server_name _;
+
+    # http listen
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # all ssl related config moved to ssl.conf
+    #include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # SSL configuration
+    #
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
+    ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
+#    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+#    ssl_prefer_server_ciphers on;
+
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+		# Uncomment to enable naxsi on this location
+		# include /etc/nginx/naxsi.rules
+
+        proxy_pass http://ws_server;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_read_timeout 400s;
+
+        if ($http_origin) {
+               set $cors "true";
+         }
+
+		if ($request_method = 'OPTIONS') {
+			set $cors "${cors}options";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+			add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+			add_header 'Access-Control-Max-Age' 1728000;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			add_header 'Content-Length' 0;
+ 
+			return 204;
+		}
+ 
+		if ($request_method = 'GET') {
+			set $cors "${cors}get";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		}
+		if ($request_method = 'POST') {
+			set $cors "${cors}post";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		}
+		 
+		if ($cors = "trueget") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+		}
+		 
+		if ($cors = "truepost") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+		}
+		 
+		if ($cors = "trueoptions") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Max-Age' 1728000;
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+			add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+			add_header 'Content-Length' 0;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			return 204;
+		}
+	}
+
+    # Client
+    location  = /app {
+    	root  /usr/share/nginx/html/app;
+        #return 301 /$scheme://localhost/app/index.html;
+    }
+
+    location   /mcweb/ {
+    	alias  /opt/mcz/;
+    }
+
+
+    # SRG
+    location /srg {
+        proxy_pass http://ws_server;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # mqtt
+    location /mqtt {
+        rewrite  /mqtt  / break;
+        proxy_pass http://mqtt:8080;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # UI Server
+    location  ~ ^/control/app/(.*)\.htm$ {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass   http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/api/async/ {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/Profiles {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/PushRegistration {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location ~ ^/control/app/user_images/* {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/ui/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass      http://ui_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/publicSafety {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass      http://ps_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+
+
+#   location ~ ^/control/ic-public-safety {
+#            rewrite  ^/control/(.*)  /$1 break;
+#            proxy_pass      http://ic_ps_server;
+#            proxy_set_header Host      $host:$server_port;
+#            proxy_set_header X-Real-IP $remote_addr;
+#        }
+
+    # UI Server
+        location ~ ^/control/public-safety {
+            rewrite  ^/control/(.*)  /$1 break;
+            proxy_pass      http://ps_server;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+    # Open Trip Planner Server
+    location ~ ^/client/otp/routers {
+        rewrite  ^/client/(.*)  /$1 break;
+        proxy_pass       http://otp_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Kibana Server
+    location ~ (/app/kibana|^/bundles/|/kibana4|/status|^/plugins|^/elasticsearch|^/api/xpack|^/api/monitoring|^/api/reporting|^/api/security) {
+         rewrite  ^/control/(.*)  /$1 break;
+         proxy_pass                  http://kibana_server;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "upgrade";
+         proxy_set_header Host $host;
+         proxy_set_header Authorization "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==";
+         rewrite /kibana/#/(.*)$ /$1 break;
+    }
+
+    # Kibana Server - cont.
+    location ~ (^/ui/fonts|^/control/api/timelion|^/control/api/console|^/es_admin) {
+         rewrite  ^/control/(.*)  /$1 break;
+         proxy_pass                  http://kibana_server;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "upgrade";
+         proxy_set_header Host $host;
+         proxy_set_header Authorization "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==";
+         rewrite /kibana/#/(.*)$ /$1 break;
+    }
+
+    # Grafana Server
+    location /grafana/ {
+        proxy_pass http://grafana:3000/;
+    }
+
+    # predictions
+    location /predictions/ {
+        proxy_pass http://predictions:50065/;
+    }
+
+    # activities
+    location /activities/ {
+        proxy_pass http://activities:50070/;
+    }
+
+    # reports
+    location /reports/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://reports:50075/;
+    }
+
+    # analytics
+    location /analytics/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://analytics:50080/;
+    }
+
+    # alerts
+    location /alerts/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://alerts:50090/;
+    }
+
+    # services
+    location /services/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://scp:10010/;
+    }
+
+    # heatmap3d
+    location /map3d/ {
+        proxy_pass http://172.16.1.72:8080/;
+    }
+
+    # Camera Stream
+    location ~ /streetCamera {
+        rewrite  ^/(.*) /videostream.cgi?user=admin&pwd=giptmgr break;
+        proxy_pass       http://camera_stream;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Camera API
+    location ~ ^/api/cam/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://camera_api;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Public Safety Camera
+        location ~ /polCamera {
+        rewrite  ^/(.*) /control/faststream.jpg?stream=full&stream=MxPEG&fps=10 break;
+        proxy_pass       https://public_safety_camera;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+#        return 301 http://24.172.188.211:16000/control/faststream.jpg?stream=full&stream=MxPEG&fps=10;
+        }
+
+    # Trafice Lanes
+    location ~  ^/control/transportation/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://transportation_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Parking Spots
+    location  ~ ^/control/parking/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://parking_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Control Center
+    location ~ ^/control {
+        rewrite /control/(.*)$ /$1 break;
+        proxy_pass       http://ui-web-control;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Client
+    location ~  ^/client/transportation/ {
+            rewrite  ^/client/(.*)  /$1 break;
+            proxy_pass       http://transportation_server;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location ~ ^/client {
+        rewrite ^/client/(.*)$ /$1 break;
+        proxy_pass       http://ui-web-client;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Driver
+        location ~ ^/driver {
+            rewrite ^/driver/(.*)$ /$1 break;
+            proxy_pass       http://ui-web-driver;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+  # New Control-Center
+       location ~ (^/center|^/static) {
+            rewrite ^/center/(.*)$ /$1 break;
+            proxy_pass       http://control-center;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+    # UI - old images
+    location ~ ^/ui {
+        proxy_pass       http://ui_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # cms server
+    location /cms/ {
+        proxy_pass https://municipalitybank.com:8085/;
+    }
+
+    location /ride-service/ {
+        proxy_pass http://159.65.83.13:10010/;
+    }
+
+    location /polling/ {
+	proxy_pass http://159.65.83.13:8085/;
+    }
+}

config/local-testing/front-end/default/default.conf

+include /usr/share/nginx/modules/*.conf;
+#load_module /etc/nginx/modules/ngx_http_lua_module.so;
+
+upstream ui_server { server ui-api:8080; }
+upstream ws_server { server srg:7681; }
+upstream ps_server { server public-safety:50005; }
+###upstream ic_ps_server { server public-safety-ic:50004; }
+upstream otp_server { server ipgallery-mcz.com:8099; }
+upstream kibana_server { server kibana:5601; }
+upstream camera_stream { server 62.90.201.74:9081; }
+upstream camera_api { server 62.90.201.74:9090; }
+upstream public_safety_camera { server 24.172.188.211:16000; }
+upstream transportation_server { server transportation:50035; }
+upstream parking_server { server parking:50055; }
+upstream analytics_server { server analytics:50080; }
+
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+#    client_max_body_size 0;
+    map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+    }
+
+    # List of application servers
+    #upstream ui_server {
+    #    server 172.16.1.151:8080;
+    #}
+    #upstream ws_server {
+    #	server 172.16.1.97:7681;
+    #}
+    #upstream ps_server {
+    #	server 172.16.1.97:7681;
+    #}
+
+
+server {
+#    env PROFILE_FILE_NAME;
+    set_by_lua $profile_file_name 'return os.getenv("PROFILE_FILE_NAME")';
+
+    # new configuration for latest lets-encrypt support
+	# SSL configuration
+	#
+	#	listen 443 ssl default_server;
+
+    #	root /config/www;
+    #	index index.html index.htm index.php;
+
+    server_name _;
+
+    # http listen
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # all ssl related config moved to ssl.conf
+    #include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # SSL configuration
+    #
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
+    ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
+#    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+#    ssl_prefer_server_ciphers on;
+
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+		# Uncomment to enable naxsi on this location
+		# include /etc/nginx/naxsi.rules
+
+        proxy_pass http://ws_server;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_read_timeout 400s;
+
+        if ($http_origin) {
+               set $cors "true";
+         }
+
+		if ($request_method = 'OPTIONS') {
+			set $cors "${cors}options";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+			add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+			add_header 'Access-Control-Max-Age' 1728000;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			add_header 'Content-Length' 0;
+ 
+			return 204;
+		}
+ 
+		if ($request_method = 'GET') {
+			set $cors "${cors}get";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		}
+		if ($request_method = 'POST') {
+			set $cors "${cors}post";
+			add_header 'Access-Control-Allow-Origin' $http_origin;
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+		}
+		 
+		if ($cors = "trueget") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+		}
+		 
+		if ($cors = "truepost") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+		}
+		 
+		if ($cors = "trueoptions") {
+			add_header 'Access-Control-Allow-Origin' "$http_origin";
+			add_header 'Access-Control-Allow-Credentials' 'true';
+			add_header 'Access-Control-Max-Age' 1728000;
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+			add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+			add_header 'Content-Length' 0;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			return 204;
+		}
+	}
+
+    # Client
+    location  = /app {
+    	root  /usr/share/nginx/html/app;
+        #return 301 /$scheme://localhost/app/index.html;
+    }
+
+    location   /mcweb/ {
+    	alias  /opt/mcz/;
+    }
+
+
+    # SRG
+    location /srg {
+        proxy_pass http://ws_server;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # mqtt
+    location /mqtt {
+        rewrite  /mqtt  / break;
+        proxy_pass http://mqtt:8080;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    # UI Server
+    location  ~ ^/control/app/(.*)\.htm$ {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass   http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/api/async/ {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/Profiles {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/app/PushRegistration {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location ~ ^/control/app/user_images/* {
+        rewrite  ^/control/app/(.*)  /ui$1 break;
+        proxy_pass       http://ui_server/ui/$1?$args;
+        proxy_set_header Host      $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/ui/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass      http://ui_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # UI Server
+    location ~ ^/control/publicSafety {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass      http://ps_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+
+
+#   location ~ ^/control/ic-public-safety {
+#            rewrite  ^/control/(.*)  /$1 break;
+#            proxy_pass      http://ic_ps_server;
+#            proxy_set_header Host      $host:$server_port;
+#            proxy_set_header X-Real-IP $remote_addr;
+#        }
+
+    # UI Server
+        location ~ ^/control/public-safety {
+            rewrite  ^/control/(.*)  /$1 break;
+            proxy_pass      http://ps_server;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+    # Open Trip Planner Server
+    location ~ ^/client/otp/routers {
+        rewrite  ^/client/(.*)  /$1 break;
+        proxy_pass       http://otp_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Kibana Server
+    location ~ (/app/kibana|^/bundles/|/kibana4|/status|^/plugins|^/elasticsearch|^/api/xpack|^/api/monitoring|^/api/reporting|^/api/security) {
+         rewrite  ^/control/(.*)  /$1 break;
+         proxy_pass                  http://kibana_server;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "upgrade";
+         proxy_set_header Host $host;
+         proxy_set_header Authorization "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==";
+         rewrite /kibana/#/(.*)$ /$1 break;
+    }
+
+    # Kibana Server - cont.
+    location ~ (^/ui/fonts|^/control/api/timelion|^/control/api/console|^/es_admin) {
+         rewrite  ^/control/(.*)  /$1 break;
+         proxy_pass                  http://kibana_server;
+         proxy_http_version 1.1;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "upgrade";
+         proxy_set_header Host $host;
+         proxy_set_header Authorization "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==";
+         rewrite /kibana/#/(.*)$ /$1 break;
+    }
+
+    # Grafana Server
+    location /grafana/ {
+        proxy_pass http://grafana:3000/;
+    }
+
+    # predictions
+    location /predictions/ {
+        proxy_pass http://predictions:50065/;
+    }
+
+    # activities
+    location /activities/ {
+        proxy_pass http://activities:50070/;
+    }
+
+    # reports
+    location /reports/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://reports:50075/;
+    }
+
+    # analytics
+    location /analytics/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://analytics:50080/;
+    }
+
+    # alerts
+    location /alerts/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://alerts:50090/;
+    }
+
+    # services
+    location /services/ {
+        add_header "Access-Control-Allow-Origin" "*";
+        proxy_pass http://scp:10010/;
+    }
+
+    # heatmap3d
+    location /map3d/ {
+        proxy_pass http://172.16.1.72:8080/;
+    }
+
+    # Camera Stream
+    location ~ /streetCamera {
+        rewrite  ^/(.*) /videostream.cgi?user=admin&pwd=giptmgr break;
+        proxy_pass       http://camera_stream;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Camera API
+    location ~ ^/api/cam/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://camera_api;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Public Safety Camera
+        location ~ /polCamera {
+        rewrite  ^/(.*) /control/faststream.jpg?stream=full&stream=MxPEG&fps=10 break;
+        proxy_pass       https://public_safety_camera;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+#        return 301 http://24.172.188.211:16000/control/faststream.jpg?stream=full&stream=MxPEG&fps=10;
+        }
+
+    # Trafice Lanes
+    location ~  ^/control/transportation/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://transportation_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Parking Spots
+    location  ~ ^/control/parking/ {
+        rewrite  ^/control/(.*)  /$1 break;
+        proxy_pass       http://parking_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Control Center
+    location ~ ^/control {
+        rewrite /control/(.*)$ /$1 break;
+        proxy_pass       http://ui-web-control;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Client
+    location ~  ^/client/transportation/ {
+            rewrite  ^/client/(.*)  /$1 break;
+            proxy_pass       http://transportation_server;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location ~ ^/client {
+        rewrite ^/client/(.*)$ /$1 break;
+        proxy_pass       http://ui-web-client;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Web Driver
+        location ~ ^/driver {
+            rewrite ^/driver/(.*)$ /$1 break;
+            proxy_pass       http://ui-web-driver;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+  # New Control-Center
+       location ~ (^/center|^/static) {
+            rewrite ^/center/(.*)$ /$1 break;
+            proxy_pass       http://control-center;
+            proxy_set_header Host      $host:$server_port;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+    # UI - old images
+    location ~ ^/ui {
+        proxy_pass       http://ui_server;
+        proxy_set_header Host      $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # cms server
+    location /cms/ {
+        proxy_pass https://municipalitybank.com:8085/;
+    }
+
+   # cms server
+    location /profiles/profile.json {
+#        proxy_pass https://municipalitybank.com:8085/s/38DT6ptK3WL0NYi/download;
+        proxy_pass https://municipalitybank.com:8085/s/$profile_file_name/download;
+    }
+
+    location /ride-service/ {
+        proxy_pass http://159.65.83.13:10010/;
+    }
+
+    location /polling/ {
+	proxy_pass http://159.65.83.13:8085/;
+    }
+}

config/local-testing/front-end/nginx.conf

+
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+env PROFILE_FILE_NAME;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

config/local-testing/mcx-frontend.yml

@@ -3,8 +3,8 @@ services:
   ### UI-WEB-CONTROL (NGINX + WEB)
   ui-web-control:
     environment:
-      OTP_SERVER: "otp:8081"
-      KIBANA_SERVER: "elk:5601"
+      OTP_SERVER: "ipgallery-mcz.com:8099"
+      KIBANA_SERVER: "kibana:5601"
       CAMERA_STREAM: "62.90.201.74:9081"
       CAMERA_API: "62.90.201.74:9090"
       PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
@@ -14,20 +14,32 @@ services:
       UI_SERVER_HOSTPORT: "ui-api:8080"
       PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
       SRG_SERVER_HOSTPORT: "srg:7681"
-    image: municipalitybank.com:5050/mcx/ui-web/control-center:15-ac1b3bf
-    #image: municipalitybank.com:5050/mcx/ui-web:control-center-4-bcf87bc0003a3ed214fabb45e684bb837bb593ef
+    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:43-da07258
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:41-485bdaa
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:40-5dfdcda
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:39-ffad3bf
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:38-1048a5b
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:37-a980cf0
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:36-c942063
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:35-43efe5b
+#    image:  municipalitybank.com:5050/mcx/ui-web/control-center-v2:34-47bf4a9
+#    image: municipalitybank.com:5050/mcx/ui-web/control-center-v2:33-9b31cf8
+#    image: municipalitybank.com:5050/mcx/ui-web/control-center-v2:32-968ff76
+#    image: municipalitybank.com:5050/mcx/ui-web/control-center-v2:30-8b4e45a
     volumes:
       - "/opt/mcx/config/repo/public-safety:/usr/share/nginx/html/repo/public-safety"
     networks:
       - backend
   ### UI-WEB-CLIENT (NGINX + WEB)
   ui-web-client:
-    image: municipalitybank.com:5050/mcx/ui-web/client:21-dfcfa2d
+    image: municipalitybank.com:5050/mcx/ui-web/client:28-6d88ee7
+#    image: municipalitybank.com:5050/mcx/ui-web/client:27-d55dad3
+#    image: municipalitybank.com:5050/mcx/ui-web/client:21-dfcfa2d
     #image: municipalitybank.com:5050/mcx/ui-web:client-8-dea10d499084c4340ed08dd3bedc54a62e127965
     # image: 172.16.1.212:5050/mcx/ui-web:client-25-fc74e8fe1b9cf7fbca90ad3b4da9fc3187bf4d1e
     environment:
-      OTP_SERVER: "otp:8081"
-      KIBANA_SERVER: "elk:5601"
+      OTP_SERVER: "ipgallery-mcz.com:8099"
+      KIBANA_SERVER: "kibana:5601"
       CAMERA_STREAM: "62.90.201.74:9081"
       CAMERA_API: "62.90.201.74:9090"
       PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
@@ -41,11 +53,12 @@ services:
       - backend
   ### UI-WEB-DRIVER (NGINX + WEB)
   ui-web-driver:
+    image: municipalitybank.com:5050/ipgallery.web/driver:2-8af1450
   #  image: 172.16.1.212:5050/mcx/ui-web:driver-11-0a1f26cdf30b6734909f9c815a0b98c83b1a2c01
-    image: municipalitybank.com:5050/mcx/ui-web:driver-2-963a1f8b75479192f5de29eb797422e67102fdbb
+  #  image: municipalitybank.com:5050/mcx/ui-web:driver-2-963a1f8b75479192f5de29eb797422e67102fdbb
     environment:
-      OTP_SERVER: "otp:8081"
-      KIBANA_SERVER: "elk:5601"
+      OTP_SERVER: "ipgallery-mcz.com:8099"
+      KIBANA_SERVER: "kibana:5601"
       CAMERA_STREAM: "62.90.201.74:9081"
       CAMERA_API: "62.90.201.74:9090"
       PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
@@ -57,11 +70,36 @@ services:
       SRG_SERVER_HOSTPORT: "srg:7681"
     networks:
       - backend
+  ## CONTROL-CENTER-NEW
+  control-center:
+    image: municipalitybank.com:5050/ipgallery.web/control-center:52-3a16cae
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:51-b52ae5d
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:50-d2832a9
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:49-3699a0e
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:48-2035470
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:45-dfc8e44
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:44-cd53f18
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:44-cd53f18
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:43-d617167
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:42-6af9c7a
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:38-e011a84
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:36-ccb08f4
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:34-969ced1
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:33-6d624c9
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:32-1182ad7
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:31-cdab784
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:30-3f6ec96
+#    image: municipalitybank.com:5050/ipgallery.web/control-center:25-39b1f5d
+    networks:
+      - backend
+
   ## FRONT END
   front-end:
+    image: firesh/nginx-lua
+#    image: nginx
     environment:
-      OTP_SERVER: "otp:8081"
-      KIBANA_SERVER: "elk:5601"
+      OTP_SERVER: "ipgallery-mcz.com:8099"
+      KIBANA_SERVER: "kibana:5601"
       CAMERA_STREAM: "62.90.201.74:9081"
       CAMERA_API: "62.90.201.74:9090"
       PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
@@ -73,21 +111,55 @@ services:
       PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
       SRG_PORT_7681_TCP_ADDR: "srg"
       SRG_PORT_7681_TCP_PORT: "7681"
-      PGID: "911"
-      PUID: "911"
-      ONLY_SUBDOMAINS: "false"
-      URL: "ipgallery-mcz.com"
-      TZ: "Israel"
-    image: municipalitybank.com:5050/mcx/front-end:19-d2f0bbb
-#    image: municipalitybank.com:5050/mcx/front-end/develop-new-letsencrypt
-#    image: municipalitybank.com:5050/mcx/front-end:18-c45b301
+      PROFILE_FILE_NAME: "38DT6ptK3WL0NYi"
     ports:
+      - "80:80"
       - "443:443"  
     volumes:
-      - "/opt/mcz/config-letsencrypt/:/config:rw"
-      - "/opt/mcz/config-letsencrypt/tmp:/var/tmp/nginx:rw"
+      - "/opt/mcz/config-letsencrypt/:/config"
+      - "/opt/mcx/config/front-end/default:/etc/nginx/conf.d"
+      - "/opt/mcx/config/front-end/nginx.conf:/etc/nginx/nginx.conf"
+      - "/tmp/log:/var/log/nginx"
+    extra_hosts:
+      - "mqtt:172.16.1.80"
+      - "grafana:172.16.1.80"
+      - "kibana:172.16.1.80"
+#      - "scp:172.16.1.244"
     networks:
       - backend
+  ## FRONT END
+#  front-end:
+#    environment:
+#      OTP_SERVER: "ipgallery-mcz.com:8099"
+#      KIBANA_SERVER: "kibana:5601"
+#      CAMERA_STREAM: "62.90.201.74:9081"
+#      CAMERA_API: "62.90.201.74:9090"
+#      PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
+#      TRANSPORTATION_SERVER: "transportation:50035"
+#      PARKING_SERVER: "parking:50055"
+#      PUBLIC_SAFETY_PORT_50005_TCP_ADDR: "public-safety"
+#      PUBLIC_SAFETY_PORT_50005_TCP_PORT: "50005"
+#      UI_API_PORT_8080_TCP_ADDR: "ui-api"
+#      PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
+#      SRG_PORT_7681_TCP_ADDR: "srg"
+#      SRG_PORT_7681_TCP_PORT: "7681"
+#      PGID: "911"
+#      PUID: "911"
+#      ONLY_SUBDOMAINS: "false"
+#      URL: "ipgallery-mcz.com"
+#      TZ: "Israel"
+#      MAKE_CERT: "false"
+#    image: municipalitybank.com:5050/mcx/front-end:26-29ece50
+##    image: municipalitybank.com:5050/mcx/front-end:24-ebb7806
+#    ports:
+#      - "443:443"  
+#    volumes:
+#      - "/opt/mcz/config-letsencrypt/:/config:rw"
+#      - "/opt/mcz/config-letsencrypt/tmp:/var/tmp/nginx:rw"
+##    extra_hosts:
+##      - "grafana:172.16.1.244"
+#    networks:
+#      - backend
 networks:
   backend:
     driver: bridge