diff --git a/plinth/modules/matrixsynapse/data/usr/share/freedombox/etc/apache2/conf-available/matrix-synapse-plinth.conf b/plinth/modules/matrixsynapse/data/usr/share/freedombox/etc/apache2/conf-available/matrix-synapse-plinth.conf
index de4b878b5..4852e71bf 100644
--- a/plinth/modules/matrixsynapse/data/usr/share/freedombox/etc/apache2/conf-available/matrix-synapse-plinth.conf
+++ b/plinth/modules/matrixsynapse/data/usr/share/freedombox/etc/apache2/conf-available/matrix-synapse-plinth.conf
@@ -1,9 +1,24 @@
 ##
-## On all sites, provide Matrix Synapse on a default path: /_matrix. This is
-## only useful for clients to login without specifying a server port. This is
-## not useful for federation which requires SRV record or listening on port
-## 8448. Further, federation requires same TLS public key to be provided to
-## Apache and Matrix Synapse server.
+## On all sites, provide Matrix API on a default path: /_matrix and Synapse
+## Client API on path: /_synapse/client. This configuration as recommended at
+## https://element-hq.github.io/synapse/latest/reverse_proxy.html . This is
+## useful for clients to login without specifying a server port. This is not
+## useful for federation which requires SRV record or listening on port 8448.
+## Further, federation requires same TLS public key to be provided to Apache and
+## Matrix Synapse server.
 ##
-ProxyPass /_matrix http://localhost:8008/_matrix nocanon
-ProxyPassReverse /_matrix http://localhost:8008/_matrix
+AllowEncodedSlashes NoDecode
+
+<Location /_matrix>
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    ProxyPreserveHost on
+    ProxyPass http://127.0.0.1:8008/_matrix nocanon
+    ProxyPassReverse http://127.0.0.1:8008/_matrix
+</Location>
+
+<Location /_synapse/client>
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    ProxyPreserveHost on
+    ProxyPass http://127.0.0.1:8008/_synapse/client nocanon
+    ProxyPassReverse http://127.0.0.1:8008/_synapse/client
+</Location>