diff --git a/playbooks/dna-gw.yml b/playbooks/dna-gw.yml
index 7a9764a..143446f 100644
--- a/playbooks/dna-gw.yml
+++ b/playbooks/dna-gw.yml
@@ -17,6 +17,7 @@
     - role: nginx/site
       site: gw.home.foo.sh
     - tftp
+    - websockify
 
   tasks:
     - name: use configured dns servers and domain name
diff --git a/roles/nginx/site/templates/gw.home.foo.sh.conf.j2 b/roles/nginx/site/templates/gw.home.foo.sh.conf.j2
new file mode 100644
index 0000000..72a9bc3
--- /dev/null
+++ b/roles/nginx/site/templates/gw.home.foo.sh.conf.j2
@@ -0,0 +1,19 @@
+    ssl_client_certificate {{ tls_certs }}/ca.crt;
+    ssl_verify_client on;
+
+{% for host in ssh_proxy_hosts %}
+    location /{{ host | hash('sha1') }}/ {
+        proxy_pass http://127.0.0.1:6000?token={{ host | hash('sha1') }};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_read_timeout 600s;
+        proxy_buffering off;
+    }
+
+{% endfor %}
+    location / {
+        deny all;
+    }
+