diff --git a/configuration.nix b/configuration.nix
index fe14f47..10b447f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -74,9 +74,11 @@ host    replication     all             ::1/128                 md5
     workers.useUserDirectoryWorker = true;
 
     enableNginx = true;
+    enableSlidingSync = false;
 
     settings = {
       server_name = root_host;
+      public_baseurl = "https://${root_host}";
       enable_registration = false;
       enable_registration_without_verification = true;
 
@@ -213,27 +215,58 @@ host    replication     all             ::1/128                 md5
 
     virtualHosts."${root_host}" = {
       forceSSL = true;
+      enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies
       useACMEHost = root_host;
       locations."/" = {
           root = "/var/www/grimmauld.duckdns.org"; 
       };
       locations."/.well-known/matrix/server" = {
-##        alias = "/var/www/grimmauld.duckdns.org";
-##        alias = "/var/www/grimmauld.duckdns.org/.well-known/matrix/server"; # pkgs.writeText "server" ''{"m.server": "${matrix_host}:443"}'';
-##        alias = matrix_redirect;
         return = "200 '{\"m.server\":\"${matrix_host}:443\"}'";
         extraConfig = ''
 default_type application/json;
 add_header Access-Control-Allow-Origin *;
 add_header Accept-Ranges bytes;'';
       };
-#      locations."/.well-known/matrix/client" = {
-#        return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${matrix_host}\"}}'";
-#        extraConfig = ''
-#add_header Access-Control-Allow-Origin *;
-#default_type application/json;
-#'';
-#      };
+      locations."/.well-known/matrix/client" = {
+        return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${matrix_host}\"}}'";
+        extraConfig = ''
+add_header Access-Control-Allow-Origin *;
+default_type application/json;
+'';
+      };
+      locations."/_matrix" = {
+        proxyPass = "http://$synapse_backend";
+        extraConfig = ''
+          add_header X-debug-backend $synapse_backend;
+          add_header X-debug-group $synapse_uri_group;
+          client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
+          proxy_read_timeout 10m;
+        '';
+      };
+      locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
+        proxyPass = "http://$synapse_backend";
+        extraConfig = ''
+          proxy_read_timeout 1h;
+        '';
+      };
+      locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
+        proxyPass = "http://synapse_worker_initial_sync";
+        extraConfig = ''
+          proxy_read_timeout 1h;
+        '';
+      };
+      locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
+        proxyPass = "http://synapse_worker_initial_sync";
+        extraConfig = ''
+          proxy_read_timeout 1h;
+        '';
+      };
+      locations."/_synapse/client" = {
+        proxyPass = "http://$synapse_backend";
+      };
+      locations."/.well-known/matrix" = {
+        proxyPass = "http://$synapse_backend";
+      };
     };
 
     virtualHosts."${puffer_host}" = {