diff --git a/dockerized/first-level-nginx/README.md b/dockerized/first-level-nginx/README.md
new file mode 100644
index 0000000..df065fb
--- /dev/null
+++ b/dockerized/first-level-nginx/README.md
@@ -0,0 +1,9 @@
+## First Level NGINX
+
+This config allows for a default first level proxy to be put between FW and the other clusters
+
+### Single Node
+A multiple NGINX instances proxied by a single one
+
+### Swarmed
+4 Replicas
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/configs/node.conf b/dockerized/first-level-nginx/configs/node.conf
new file mode 100644
index 0000000..eaadf4e
--- /dev/null
+++ b/dockerized/first-level-nginx/configs/node.conf
@@ -0,0 +1,94 @@
+# Main context (this is the global configuration)
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+
+ # Upstream block to define the Node.js backend servers
+ # Servers name come from compose definition
+
+ upstream swarm1_cluster {
+ server swarm1w1.sselab.ddns.net;
+ server swarm1w2.sselab.ddns.net;
+ server swarm1w3.sselab.ddns.net;
+ server swarm1w4.sselab.ddns.net;
+ }
+
+
+ #TODO manage certs
+ # server {
+ # listen 443 ssl; # Listen on port 443 for HTTPS
+ # server_name localhost;
+
+ # # SSL certificate settings
+ # ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
+ # ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
+
+ # # Proxying requests to Node.js cluster
+ # location / {
+ # proxy_pass http://nodejs_cluster;
+ # proxy_set_header Host $host;
+ # proxy_set_header X-Real-IP $remote_addr;
+ # }
+ # }
+
+
+ # Optional server block for HTTP to HTTPS redirection
+ server {
+ listen 80; # Listen on port 80 for HTTP
+ server_name *.sw1.sselab.ddns.net;
+
+
+ location / {
+ # Redirect all HTTP traffic to HTTPS
+ # TODO requires https
+ # return 301 https://$host$request_uri;
+
+ proxy_pass http://swarm1_cluster;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+
+ server {
+ listen 80;
+ server_name *.sw1.hassallab.it;
+
+ location / {
+ # Redirect all HTTP traffic to HTTPS
+ # TODO requires https
+ # return 301 https://$host$request_uri;
+
+ proxy_pass http://swarm1_cluster;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+
+ #Default Catch-all serving
+ server {
+ listen 80 default_server;
+ server_name _;
+ root /var/www/default;
+
+ location /{
+ try_files $uri /$uri /index.html;
+ }
+ }
+}
diff --git a/dockerized/first-level-nginx/content/index.html b/dockerized/first-level-nginx/content/index.html
new file mode 100644
index 0000000..3c7ee17
--- /dev/null
+++ b/dockerized/first-level-nginx/content/index.html
@@ -0,0 +1,33 @@
+
+
+
+
+
+
+ Hassallab Landing Page
+
+
+
+
+
+
+
+
+
+
diff --git a/dockerized/first-level-nginx/single_node/compose.yaml b/dockerized/first-level-nginx/single_node/compose.yaml
new file mode 100644
index 0000000..1f1b347
--- /dev/null
+++ b/dockerized/first-level-nginx/single_node/compose.yaml
@@ -0,0 +1,12 @@
+version: '3.7'
+
+services:
+ # --- NGINX ---
+ nginx:
+ image: nginx:latest
+ ports:
+ - '80:80'
+ - '443:443'
+ volumes:
+ - ../configs/node.conf:/etc/nginx/nginx.conf:ro
+ - ../content/index.html:/var/www/default/index.html
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
new file mode 100644
index 0000000..9539955
--- /dev/null
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -0,0 +1,37 @@
+version: '3.7'
+
+services:
+ # --- NGINX ---
+ nginx:
+ image: nginx:latest
+ ports:
+ - '80:80'
+ - '443:443'
+ deploy:
+ replicas: 4
+ update_config:
+ parallelism: 2
+ order: start-first
+ failure_action: rollback
+ delay: 10s
+ rollback_config:
+ parallelism: 0
+ order: stop-first
+ restart_policy:
+ condition: any
+ delay: 5s
+ max_attempts: 3
+ window: 120s
+ healthcheck:
+ test: ["CMD", "service", "nginx", "status"]
+ configs:
+ - source: nginx_conf
+ target: /etc/nginx/nginx.conf
+ - source: nginx_static
+ target: /var/www/default/index.html
+
+configs:
+ nginx_conf:
+ file: ../configs/node.conf
+ nginx_static:
+ file: ../content/index.html
diff --git a/templates/PKI/README.md b/templates/PKI/README.md
new file mode 100644
index 0000000..e239858
--- /dev/null
+++ b/templates/PKI/README.md
@@ -0,0 +1,17 @@
+# PKI
+
+### Templates
+Some utils files in order to have a ready solution in order to generate bundles.
+
+**NB** via console is trivial :
+
+Public CRT
+'cat SSE\ Lab\ Root\ CA_crt.pem >> certificate-bundle.pem
+cat SSE\ Lab\ Intermediate\ CA_crt.pem >> certificate-bundle.pem
+cat RUP\ Services_crt.pem >> certificate-bundle.pem'
+
+Private Key
+'cat RUP\ Services_prv.pem >> certificate-bundle.key'
+
+
+
diff --git a/templates/PKI/certificate-bundle(structure).pem b/templates/PKI/certificate-bundle(structure).pem
new file mode 100644
index 0000000..6b5c56b
--- /dev/null
+++ b/templates/PKI/certificate-bundle(structure).pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+Root CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Intermediate CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Leaf Certificate public key data
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/templates/PKI/certificate-bundle(template).pem b/templates/PKI/certificate-bundle(template).pem
new file mode 100644
index 0000000..48ebb9e
--- /dev/null
+++ b/templates/PKI/certificate-bundle(template).pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
+DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
+BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
+dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDA4
+MjRaFw0zNTAzMDMxMDA4MjRaMIGQMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
+YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEPMA0GA1UECwwGU1NFTGFi
+MSowKAYJKoZIhvcNAQkBFhtmYWJpby5zaW5pYmFsZGlAaXN0aS5jbnIuaXQxFzAV
+BgNVBAMMDnNzZWxhYi1yb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAnXup44PPzPSTDRkLBMGuUtXUk344tNZDn6h+rxXGlSw0T6qGrGPCAhqI
+6IuOkCE/wp/Sv1KEFp2OamPiEwA0mTIoOi2ACaNg7fhOHUNpgw2dpeaiVd6WCmY6
+MkLMcAH4jFlnOI/RnjkV01Yz3KGj7tpztd3wqD84INasRH+6zlZqiKG0HIxjlAUx
+eHOop2rOTzUSsiOZyaW3dlQNtup7ndkFGZYd6aN50Kd1tbOZGHBldFwonNQN/59I
+xUAsgX2BGQ97K1BoFN3bor3MwK9oKbjHY72/kPIN1IrblcreejyElq3Gt+B4UJ+R
+XZO7A/lCzqykNLJax3wQkU3ZfKk6ywIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQq
+FihPUE5zZW5zZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1Ud
+DgQWBBTYTk488gvOsh5qJ/VbKYxZRbQ/NzAfBgNVHSMEGDAWgBTYTk488gvOsh5q
+J/VbKYxZRbQ/NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkq
+hkiG9w0BAQsFAAOCAQEAH8sMS8XHZh4Jg6vBvwU1mufi9KeTW1MQP8p8FXV4hBZy
+jSPpeEyqJo4fms70AY9zqomjxIikKgBRnIi/pyJ5U3oKOrktHiXlzugeVIptR37P
+mUBPu/7yO1ttNdwKbX8OjSxR/BnJtP/rVwcKn2KnF0CQWHEsEpgTd+ayIEl7OEvJ
+icuN2//H71ytu/Le7tl+Ib6ZuoVA+n6JQenSOOWd31UUNNe8mANj0bzkHTaoIDzS
+oqhN9vfQ61E3p8E1X3IA3q8rggrJudR+fngwH7TeKtd2STP2nXtHYlhDBfVlUG6x
+riZKtbFI0oiwF0BFyV4dah2i6N98phZ5V23Iz7t0PA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
+DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
+BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
+dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDEw
+MjZaFw0yODAzMDQxMDEwMjZaMIGHMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
+YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEqMCgGCSqGSIb3DQEJARYb
+ZmFiaW8uc2luaWJhbGRpQGlzdGkuY25yLml0MR8wHQYDVQQDDBZzc2VsYWItaW50
+ZXJtZWRpYXRlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+3H
+Vz7jnaGGew6LjeFhE5Dr+iIID+SdclrkB/ljz5ey3q4Rnsso4xnKVdyITSUinDee
+RiPk+R2h7mhGlL9Z25JpykV+exwzM5hPrU0GVaus9QljL9TCAsN82M6ww6R0+m1s
+vQp6/Y5oax/Mi/6K3dHqcjKEZ8GbHUns8xZtZ8sPCboyV1IFeAjfBIJYfr94CRqy
+A/H2JcY348fM3XMDzDhZXEydeMeaM8bQhtQml0IwRs3L1ZHFppNXjvQLW2IbF8EW
+VQNlTY7UwWpjsGDC3+3vrV0yOyE1hpi4YU3zcq9ds+HeVw4fUNEWCoDaEEah9wnX
+4O2yVxm+R31WEia3sQIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQqFihPUE5zZW5z
+ZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRE3BNE
+555kVhkB6C1XKtrYY+QlZzAfBgNVHSMEGDAWgBTYTk488gvOsh5qJ/VbKYxZRbQ/
+NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEAVbuglqJ2/vDBkFunvQa0SdR/OaL9cRtbfGqhYpc3sZVO2tDh7aKSrr9o
+7EeLFL+GKt9f8IqKMMTC33Ac/m+Ne6wvyv6sqpbTo84gdVlVV/YjWt9spEUivHa4
+TLxEhi7KeO2DmhMGYWI/ogTaNKWboUmZZ4PoBS0Z3Rz6I97UcPB89AcKLGAW0dtC
+fAQSHYVQ0Egm4Qf8ICJBcdwdnjffSUk3kkVcKg4qr+5kjVACjRJfqOm7PDrh2jmA
+gnMxtST45WTgWlWa4cS+/Bb9KreQCdfcN1xevOzOJSVecVYT40N8n8nwhCIkMPAM
+1QzsP1M6grD89nHeECK4LEpLTdBhvw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Leaf Certificate public key data
+-----END CERTIFICATE-----
\ No newline at end of file