diff --git a/dockerfiles/services/sslproxy/Dockerfile b/dockerfiles/services/sslproxy/Dockerfile index e5258f9..416944f 100644 --- a/dockerfiles/services/sslproxy/Dockerfile +++ b/dockerfiles/services/sslproxy/Dockerfile @@ -2,3 +2,4 @@ FROM nginx:alpine COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./hosts /etc/nginx/conf.d/ +RUN rm /etc/nginx/conf.d/default.conf diff --git a/dockerfiles/services/sslproxy/cli/build b/dockerfiles/services/sslproxy/cli/build index ca3c422..14012d8 100755 --- a/dockerfiles/services/sslproxy/cli/build +++ b/dockerfiles/services/sslproxy/cli/build @@ -77,8 +77,8 @@ function assertTeapot() { build_save() { echo push to registry - docker tag $LOCAL_IMAGE $REMOTE_IMAGE - docker push $REMOTE_IMAGE + docker tag "$LOCAL_IMAGE:$TAG" "$REMOTE_IMAGE" + docker push "$REMOTE_IMAGE" } function trap_exit() { diff --git a/dockerfiles/services/sslproxy/cli/deploy b/dockerfiles/services/sslproxy/cli/deploy index 004189b..d2fc794 100755 --- a/dockerfiles/services/sslproxy/cli/deploy +++ b/dockerfiles/services/sslproxy/cli/deploy @@ -4,7 +4,7 @@ set -e LOCAL_IMAGE=sslproxy TAG=2.2.${BUILD_NUMBER:-dev} -TAG=2.1 +#TAG=2.1 REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG} APP_NAME=sslproxy_app @@ -25,10 +25,10 @@ function deploy() { -c docker-compose.prod.yml \ sslproxy - docker stack ps sslproxy sleep 2 - docker service ps --filter "desired-state=Running" sslproxy_app + docker stack ps sslproxy +# docker service ps --filter "desired-state=Running" sslproxy_app wait_for_completed } @@ -41,6 +41,7 @@ wait_for_completed() { sleep 3 state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State) done + sleep 5 } function deploy_test() { @@ -57,8 +58,8 @@ function deploy_test() { function deploy_save() { #tag as latest - docker tag "$REMOTE_IMAGE" latest - docker push latest + docker tag "$REMOTE_IMAGE" "${REMOTE_IMAGE//${TAG}/latest}" + docker push "${REMOTE_IMAGE//${TAG}/latest}" } dc() { 
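Review bot: Deleting the stock file with `RUN rm /etc/nginx/conf.d/default.conf` leaves no catch-all server unless one of the files copied from `./hosts` declares one, so nginx answers requests for unknown host names with whichever server block it loads first for that port. The host files are not all visible in this diff; if none of them already sets `default_server`, add an explicit one for 443 that refuses the handshake, for example `server { listen 443 ssl default_server; ssl_reject_handshake on; }` (nginx 1.19.4 or later). `rm -f` would also keep the build from failing if a later base image stops shipping that file.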
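Review bot: In `deploy_save`, `${REMOTE_IMAGE//${TAG}/latest}` replaces every match of `$TAG` anywhere in the image reference and treats `$TAG` as a glob pattern, so the result is only right while the tag text never occurs in the registry host or repository name. Stripping the tag suffix states the intent directly: `docker tag "$REMOTE_IMAGE" "${REMOTE_IMAGE%:*}:latest"` and `docker push "${REMOTE_IMAGE%:*}:latest"`. Since `latest` is moved on every run of this function, the stack should keep deploying the versioned tag so that a rollout stays reproducible; which tag the production compose file pulls is not visible here.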
diff --git a/dockerfiles/services/sslproxy/cli/deploy.help b/dockerfiles/services/sslproxy/cli/deploy.help index 7aa5493..2bfdb59 100644 --- a/dockerfiles/services/sslproxy/cli/deploy.help +++ b/dockerfiles/services/sslproxy/cli/deploy.help @@ -1,3 +1,8 @@ -ARGS - The arguments you wish to provide to this command +-d deploy +-t test the deployment +-s mark the deployment as complete -TODO: Fill out the help information for this command. +Environment Variables: + +BUILD_NUMBER : is used in the image tag 2.2.$BUILD_NUMBER +DOCKER_HOST diff --git a/dockerfiles/services/sslproxy/cli/deploy.usage b/dockerfiles/services/sslproxy/cli/deploy.usage index 5226895..0ec47f1 100644 --- a/dockerfiles/services/sslproxy/cli/deploy.usage +++ b/dockerfiles/services/sslproxy/cli/deploy.usage @@ -1 +1 @@ -ARGS... +[-d][-t][-s] diff --git a/dockerfiles/services/sslproxy/cli/exec b/dockerfiles/services/sslproxy/cli/exec index d431714..c013594 100755 --- a/dockerfiles/services/sslproxy/cli/exec +++ b/dockerfiles/services/sslproxy/cli/exec @@ -3,9 +3,13 @@ set -e export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'} -#docker exec $@ +container=$(docker ps -qn1) +# shellcheck disable=SC2068 +docker exec -it "$container" $@ #docker network inspect ingress #docker service $@ -docker $@ +#docker $@ + +#wget --no-check-certificate --spider -S --header='Host: abcapi.xai-corp.net' https://localhost/ diff --git a/dockerfiles/services/sslproxy/cli/inspect b/dockerfiles/services/sslproxy/cli/inspect new file mode 100755 index 0000000..d6f67d2 --- /dev/null +++ b/dockerfiles/services/sslproxy/cli/inspect 
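Review bot: `container=$(docker ps -qn1)` in cli/exec picks the most recently created container on the Docker host, whatever it is, so `docker exec -it "$container" $@` can open a shell in a container other than the proxy, and with an empty result it calls `docker exec` with an empty name. Select by name instead, for example `container=$(docker ps -q --filter "name=sslproxy_app" | head -n 1)`, and stop when nothing matches: `[ -n "$container" ] || { echo "no sslproxy_app container on $DOCKER_HOST" >&2; exit 1; }`. The unquoted `$@` re-splits arguments that contain spaces; `"$@"` passes them through unchanged and makes the shellcheck exception unnecessary.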
@@ -0,0 +1,26 @@ +#!/usr/bin/env bash +set -e + +export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'} + +#container=$(docker service ps -q --filter "desired-state=Running" sslproxy_app | head -n 1) + +inspect_service() { + docker service ps --filter "desired-state=Running" sslproxy_app +} + +inspect_stack() { + docker stack ps --filter "desired-state=Running" sslproxy +} + +inspect_containers() { + docker ps -n2 +} + +if [ "$1" == "service" ]; then + inspect_service +elif [ "$1" == "stack" ]; then + inspect_stack +else + inspect_containers +fi diff --git a/dockerfiles/services/sslproxy/cli/inspect.help b/dockerfiles/services/sslproxy/cli/inspect.help new file mode 100644 index 0000000..7aa5493 --- /dev/null +++ b/dockerfiles/services/sslproxy/cli/inspect.help @@ -0,0 +1,3 @@ +ARGS - The arguments you wish to provide to this command + +TODO: Fill out the help information for this command. diff --git a/dockerfiles/services/sslproxy/cli/inspect.usage b/dockerfiles/services/sslproxy/cli/inspect.usage new file mode 100644 index 0000000..5226895 --- /dev/null +++ b/dockerfiles/services/sslproxy/cli/inspect.usage @@ -0,0 +1 @@ +ARGS... diff --git a/dockerfiles/services/sslproxy/docker-compose.build.yml b/dockerfiles/services/sslproxy/docker-compose.build.yml index c369813..1f60c27 100644 --- a/dockerfiles/services/sslproxy/docker-compose.build.yml +++ b/dockerfiles/services/sslproxy/docker-compose.build.yml @@ -7,6 +7,10 @@ services: build: context: . dockerfile: Dockerfile + volumes: [] + networks: + - prod_ui + - prod_tasks mock: 
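Review bot: The new cli/inspect script has no header comment saying which arguments it takes, and the inspect.help and inspect.usage files added alongside it still hold the template text (`ARGS...`, `TODO: Fill out the help information`). A comment under the shebang such as `# usage: inspect [service|stack] - any other argument lists the two most recently created containers` would document the dispatch at the bottom of the file. It is also worth saying there that `docker ps -n2` is not filtered to sslproxy, so the default branch can show unrelated containers on the host named by `DOCKER_HOST`.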
@@ -14,13 +18,29 @@ services: volumes: - ./test.conf:/etc/nginx/nginx.conf networks: - default: + prod_ui: aliases: - - abc-api_nginx - dkui_app + - abc-api_nginx - gitea_app - jenkins_app - - sslproxy_renew - xaibox_app + prod_app: + aliases: + - xaibox_app + - abc-api_nginx + prod_tasks: + aliases: + - sslproxy_renew + prod_ingress: + aliases: - xaibox.xai-corp.net + - xai-corp.net + + +networks: + prod_ui: + prod_tasks: + prod_app: + prod_ingress: diff --git a/dockerfiles/services/sslproxy/docker-compose.prod.yml b/dockerfiles/services/sslproxy/docker-compose.prod.yml index 8244b45..d85b8ac 100644 --- a/dockerfiles/services/sslproxy/docker-compose.prod.yml +++ b/dockerfiles/services/sslproxy/docker-compose.prod.yml @@ -20,11 +20,11 @@ services: - "80:80" # required for letsencrypt # healthcheck: -# test: ["CMD", "wget", "--spider", "'Host: dkui.xai-corp.net'", "https://localhost/"] +# test: ["CMD", "wget", "--spider", "--no-check-certificate", "--header", "Host: dkui.xai-corp.net", "https://localhost/"] # interval: 10s -# timeout: 5s +# timeout: 2s # retries: 3 -# start_period: 10s +# start_period: 5s logging: driver: fluentd @@ -54,8 +54,12 @@ services: networks: - prod_ui + - prod_tasks networks: prod_ui: external: name: prod_ui + prod_tasks: + external: + name: prod_tasks diff --git a/dockerfiles/services/sslproxy/docker-compose.tools.yml b/dockerfiles/services/sslproxy/docker-compose.tools.yml index e66c0d2..3be43ff 100644 --- a/dockerfiles/services/sslproxy/docker-compose.tools.yml +++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml @@ -14,6 +14,8 @@ services: - certbot - certonly - --standalone + networks: + - prod_tasks: certificates: image: ${LETSENCRYPT_IMAGE} @@ -33,3 +35,11 @@ services: - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt ports: - 80:80 + +networks: + prod_ui: + external: + name: prod_ui + prod_tasks: + external: + name: prod_tasks 
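Review bot: Adding `- prod_tasks` to the service's `networks:` list in docker-compose.prod.yml puts the proxy, which publishes port 80 (and presumably 443) to the outside, on the same overlay as every task attached to that network, not only the renewal job it presumably needs to reach. State the reason next to the entry, for example `# prod_tasks: only so the proxy can reach sslproxy_renew`, and consider a network dedicated to the proxy and the renewal container if other tasks share `prod_tasks`. The service definition this list belongs to starts outside the hunk, so which service gains the network is inferred from the surrounding file.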
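Review bot: The list entry `- prod_tasks:` added under `networks:` in docker-compose.tools.yml ends in a colon, which YAML reads as a one-key mapping inside the list rather than a network name, and Compose expects plain strings in the list form of `networks`; the entry should be `- prod_tasks`. The second hunk of the same file also declares the external network `prod_ui`, which no service in the visible lines references; drop it unless a service outside the hunks uses it.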
diff --git a/dockerfiles/services/sslproxy/docker-compose.yml b/dockerfiles/services/sslproxy/docker-compose.yml index 38a3221..c9356cb 100644 --- a/dockerfiles/services/sslproxy/docker-compose.yml +++ b/dockerfiles/services/sslproxy/docker-compose.yml @@ -15,8 +15,6 @@ services: image: ${LOCAL_IMAGE}:${TAG} volumes: - ./certs:/etc/letsencrypt - - ./hosts:/etc/nginx/conf.d:ro - - ./nginx.conf:/etc/nginx/nginx.conf - cache:/data/nginx/cache ports: - 443:443 diff --git a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf index 649e806..6f11dc9 100644 --- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf @@ -3,12 +3,12 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size # git.xai-corp.net server { - listen 443; - server_name git.xai-corp.net; - # this is the internal Docker DNS, cache only for 30s resolver 127.0.0.11 valid=5s; + listen 443 ssl; + server_name git.xai-corp.net; + set $backend http://gitea_app:3000; #set $backend http://dkhost.xai-corp.net:10080; diff --git a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf index c11697d..2da6104 100644 --- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf 
@@ -19,14 +19,14 @@ server { # this is the internal Docker DNS, cache only for 30s resolver 127.0.0.11 valid=5s; - set $backend http://xaibox.xai-corp.net:8083; + set $backend http://xaibox_app; #Strict-Transport-Security: max-age=15768000 add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; location / { proxy_set_header Connection $http_connection; - proxy_set_header Host $host:$server_port; + proxy_set_header Host xaibox.xai-corp.net:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host;
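Review bot: The upstream `Host` header is now pinned to `xaibox.xai-corp.net:$server_port`, but `proxy_set_header X-Forwarded-Host $host;` three lines further down still forwards the name taken from the client request, so the backend can be handed two different host names. If the application builds links or redirects from `X-Forwarded-Host`, pin it the same way: `proxy_set_header X-Forwarded-Host xaibox.xai-corp.net;`. A one-line comment above the `Host` directive saying why the name is hard-coded would help the next reader; the `server_name` of this block and the rest of the `location` body are outside the hunk.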