diff --git a/.env.example b/.env.example
index 89945f0..ffc66ac 100644
--- a/.env.example
+++ b/.env.example
@@ -1,11 +1,17 @@
 # synapse
 SYNAPSE_IMAGE_TAG=latest
 SERVER_NAME=localhost
-HTTP_PORT=8008
 CONFIG_DIR=/data
 CONFIG_FILE_NAME=homeserver.yaml
 UID=991
 GID=991
 TZ=UTC
-POSTGRESQL_IMAGE_TAG=14
\ No newline at end of file
+# postgres
+POSTGRESQL_IMAGE_TAG=14
+
+# nginx
+HTTPS_PORT=443
+FEDERATION_HTTPS_PORT=8448
+SSL_CERT_PATH=/etc/ssl/certs/ssl-cert-snakeoil.pem
+SSL_KEY_PATH=/etc/ssl/private/ssl-cert-snakeoil.key
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 6818f7b..3882bd1 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -25,13 +25,31 @@ services:
 restart: unless-stopped
 volumes:
 - synapse-data:${CONFIG_DIR}
+ ports:
+ - 8008:8008
 environment:
 SYNAPSE_CONFIG_DIR: ${CONFIG_DIR}
 SYNAPSE_CONFIG_PATH: ${CONFIG_DIR}/${CONFIG_FILE_NAME}
 UID: ${UID}
 GID: ${GID}
 TZ: ${TZ}
- ports:
- - ${HTTP_PORT}:8008
 depends_on:
 - postgres
+
+ nginx:
+ build: nginx
+ restart: unless-stopped
+ ports:
+ - 443:443
+ - 8448:8448
+ volumes:
+ - ${SSL_CERT_PATH}:${SSL_CERT_PATH}
+ - ${SSL_KEY_PATH}:${SSL_KEY_PATH}
+ environment:
+ SERVER_NAME: ${SERVER_NAME}
+ HTTPS_PORT: ${HTTPS_PORT}
+ FEDERATION_HTTPS_PORT: ${FEDERATION_HTTPS_PORT}
+ SSL_CERT_PATH: ${SSL_CERT_PATH}
+ SSL_KEY_PATH: ${SSL_KEY_PATH}
+ depends_on:
+ - synapse
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..d0d9310
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:latest
+
+COPY default.conf /tmp/nginx/default.conf
+
+COPY docker-entrypoint.sh /tmp/docker-entrypoint.sh
+RUN chmod 755 /tmp/docker-entrypoint.sh
+ENTRYPOINT [ "/tmp/docker-entrypoint.sh" ]
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000..e5ba546
--- /dev/null
+++ b/nginx/default.conf
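Review bot: The new `SSL_CERT_PATH` and `SSL_KEY_PATH` defaults in `.env.example` point at the self-signed snakeoil pair, and nothing in the file marks them as placeholders. Someone who copies the example unchanged ends up with TLS listeners on the client and federation ports presenting a certificate that clients and federating servers should reject. I would add a comment above the two lines, for example `# placeholder self-signed pair - replace with the certificate and key issued for SERVER_NAME`.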
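Review bot: In `docker-compose.yaml` the synapse service now publishes `8008:8008` on every host interface, so the plain-HTTP listener stays reachable from outside and requests sent to it skip the TLS proxy this change introduces. nginx reaches it over the compose network as `synapse:8008`, so the `ports:` entry can be dropped, or narrowed to `- 127.0.0.1:8008:8008` if local access is still wanted. The nginx host mappings are fixed at `443:443` and `8448:8448` while the container listens on `${HTTPS_PORT}` and `${FEDERATION_HTTPS_PORT}`, so changing either value in `.env` breaks the mapping; `- ${HTTPS_PORT}:${HTTPS_PORT}` and `- ${FEDERATION_HTTPS_PORT}:${FEDERATION_HTTPS_PORT}` keep them in step. The certificate and key bind mounts would also be better read-only, e.g. `- ${SSL_KEY_PATH}:${SSL_KEY_PATH}:ro`. The synapse service definition starts above this hunk.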
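Review bot: `FROM nginx:latest` in `nginx/Dockerfile` leaves the base image unpinned, so any rebuild can pull a different nginx and TLS library without a change in this repository. Pin a release tag, ideally with a digest, in the form `FROM nginx:<version>@sha256:<digest>` (placeholders). The entrypoint script is installed under `/tmp`; `COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh` with a matching `ENTRYPOINT` drops the extra `RUN chmod` layer and keeps the entrypoint out of a world-writable directory. As far as I know the official image's stock entrypoint already renders `/etc/nginx/templates/*.template` through envsubst, which would make the custom script and the `ENTRYPOINT` override unnecessary.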
@@ -0,0 +1,19 @@
+server {
+ listen ${HTTPS_PORT} ssl http2;
+
+ # For the federation port
+ listen ${FEDERATION_HTTPS_PORT} ssl http2 default_server;
+
+ server_name ${SERVER_NAME};
+
+ ssl_certificate ${SSL_CERT_PATH};
+ ssl_certificate_key ${SSL_KEY_PATH};
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ proxy_pass http://synapse:8008;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ client_max_body_size 50M;
+ }
+}
\ No newline at end of file
diff --git a/nginx/docker-entrypoint.sh b/nginx/docker-entrypoint.sh
new file mode 100644
index 0000000..cc46eea
--- /dev/null
+++ b/nginx/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -eu
+
+envsubst '${SERVER_NAME} ${HTTPS_PORT} ${FEDERATION_HTTPS_PORT} ${SSL_CERT_PATH} ${SSL_KEY_PATH}' < /tmp/nginx/default.conf > /etc/nginx/conf.d/default.conf
+
+exec "$@"
\ No newline at end of file
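Review bot: In the `location` block of `nginx/default.conf`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` value the client sent, and this nginx is the first hop. If Synapse is configured to trust forwarded headers (its listener config is not part of this diff), the address it uses for logging and rate limiting can then contain client-chosen entries. Overwriting the header with `proxy_set_header X-Forwarded-For $remote_addr;` removes that ambiguity. The `server` block also leaves the TLS versions to the image default; an explicit `ssl_protocols TLSv1.2 TLSv1.3;` makes that independent of the base image.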
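Review bot: `set -eu` in `nginx/docker-entrypoint.sh` does not catch a missing variable, because the `${...}` names sit inside single quotes and are expanded by `envsubst`, which substitutes an empty string for anything unset. A forgotten `SSL_KEY_PATH` therefore renders `ssl_certificate_key ;` and surfaces only as a less obvious nginx startup error. A guard before the `envsubst` line, `: "${SERVER_NAME:?}" "${HTTPS_PORT:?}" "${FEDERATION_HTTPS_PORT:?}" "${SSL_CERT_PATH:?}" "${SSL_KEY_PATH:?}"`, fails fast and names the variable. A comment such as `# single quotes are intentional: envsubst gets the literal variable list, so nginx's own $host and $scheme are left alone` would also help the next reader.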