diff --git a/services/synapse/nginx.nix b/services/synapse/nginx.nix
index bc28321..592cef4 100644
--- a/services/synapse/nginx.nix
+++ b/services/synapse/nginx.nix
@@ -1,7 +1,15 @@
 { config, ... }:
 let
- inherit (config.machine.synapse) domain port;
+ cfg = config.machine.synapse;
 maxUploadSize = config.services.matrix-synapse.settings.max_upload_size;
+
+ clientConfig."m.homeserver".base_url = baseUrl;
+ serverConfig."m.server" = "${cfg.domain}:443";
+ mkWellKnown = data: ''
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
 in
 {
 systemd.services.nginx.serviceConfig.SupplementaryGroups = [ "matrix-synapse" ];
@@ -14,13 +22,15 @@ in
 upstreams."matrix-synapse".servers = {
 "unix:/run/matrix-synapse/matrix-synapse.sock" = { };
 };
- virtualHosts.${domain} = {
+ virtualHosts.${cfg.domain} = {
 forceSSL = true;
 enableACME = true;
 locations = {
+ "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
 "^~ /_matrix" = {
- proxyPass = "http://127.0.0.1:${toString port}";
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
 extraConfig = ''
 limit_req zone=matrix burst=100 nodelay;
 proxy_set_header Host $host;
@@ -36,7 +46,7 @@ in
 # Health check
 "= /health" = {
- proxyPass = "http://127.0.0.1:${toString port}";
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
 extraConfig = ''
 access_log off;
 '';
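Review bot: `baseUrl` on the added `clientConfig."m.homeserver".base_url = baseUrl;` line is not bound anywhere in this `let` block, which the hunk shows in full from `let` to `in`, and the function only takes `config`, so evaluation should stop with an undefined-variable error. Add a binding next to `cfg`, presumably `baseUrl = "https://${cfg.domain}";` given that the vhost sets `forceSSL`. Separately, `mkWellKnown` pastes `builtins.toJSON data` into a single-quoted nginx string, so a `'` or `$` in the data would end the string early or be read as an nginx variable. A comment such as `# data must not contain ' or $ (nginx quoting and variable expansion)` above `mkWellKnown` would record that constraint.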
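Review bot: The two new `/.well-known/matrix/*` locations get their own `add_header` from `mkWellKnown`, and nginx stops inheriting `add_header` directives from the server and http levels once a location declares one, so any HSTS or other response headers configured higher up would be missing from these two responses. Whether such headers are set is not visible in this diff; if they are, repeat them inside `mkWellKnown`, or record the omission with a comment like `# add_header here replaces all inherited headers for this location`. The `virtualHosts` block and the `^~ /_matrix` location continue past the end of the hunk.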