Add websocket ssh proxy to dna-gw

playbooks/dna-gw.yml

@@ -17,6 +17,7 @@
     - role: nginx/site
       site: gw.home.foo.sh
     - tftp
+    - websockify
 
   tasks:
     - name: use configured dns servers and domain name

roles/nginx/site/templates/gw.home.foo.sh.conf.j2

@@ -0,0 +1,19 @@
+    ssl_client_certificate {{ tls_certs }}/ca.crt;
+    ssl_verify_client on;
+
+{% for host in ssh_proxy_hosts %}
+    location /{{ host | hash('sha1') }}/ {
+        proxy_pass http://127.0.0.1:6000?token={{ host | hash('sha1') }};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_read_timeout 600s;
+        proxy_buffering off;
+    }
+
+{% endfor %}
+    location / {
+        deny all;
+    }
+