diff --git a/conf.d/default.conf b/conf.d/default.conf
index f428ba9fdb62cac0a123ea3c6832ab5d29d1c4e3..8d37f41e1a68cd2a2205dcdb190e6b5358eeb11b 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -8,6 +8,6 @@ server {
 server {
 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
- include snippets/ssl.conf;
+ include snippets/ssl-legacy.conf;
 location / { return 301 https://www.shore.co.il$request_uri; }
 }
diff --git a/conf.d/matrix.shore.co.il b/conf.d/matrix.shore.co.il
new file mode 100644
index 0000000000000000000000000000000000000000..8450d25e49fb61bad03625e97dae1cb50b83fe7f
--- /dev/null
+++ b/conf.d/matrix.shore.co.il
@@ -0,0 +1,37 @@
+map $host $matrix { default synapse; }
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name matrix.shore.co.il;
+ include snippets/robots-disallow-all.conf;
+ include snippets/ads-txt.conf;
+ include snippets/security-txt.conf;
+ include snippets/www-acme-challenge.conf;
+ include snippets/redirect-https.conf;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name matrix.shore.co.il;
+ include snippets/robots-disallow-all.conf;
+ include snippets/ads-txt.conf;
+ include snippets/security-txt.conf;
+ include snippets/ssl.conf;
+
+ location / {
+ proxy_pass http://$matrix:8008;
+ proxy_http_version 1.1;
+ client_max_body_size 512m;
+ include snippets/proxy-headers.conf;
+ }
+
+ location /_synapse/admin {
+ proxy_pass http://$matrix:8008;
+ proxy_http_version 1.1;
+ client_max_body_size 512m;
+ include snippets/proxy-headers.conf;
+ include snippets/allow-shore-ips.conf;
+ }
+}
diff --git a/snippets/ssl.conf b/snippets/ssl-common.conf
similarity index 76%
rename from snippets/ssl.conf
rename to snippets/ssl-common.conf
index cb1f77f67c32f78cacdde5ed8f5f0d74b346ac2c..b8ed3075fcafd4963a3d6f90316170bf441b43fa 100644
--- a/snippets/ssl.conf
+++ b/snippets/ssl-common.conf
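Review bot: Switching the `default_server` on 443 to `snippets/ssl-legacy.conf` re-enables TLSv1 and TLSv1.1 (and keeps SHA1-MAC ciphers reachable) on the server that answers every client that sends no SNI or an unknown name, and this vhost does nothing but issue a 301, so it is not obvious from the hunk why it needs the legacy profile. Depending on the nginx and OpenSSL versions in use, the default server's `ssl_protocols` can also govern protocol-version negotiation for the other names on the same socket, so the modern profile intended for `matrix.shore.co.il` may not take effect; worth confirming with `openssl s_client -tls1_1 -servername matrix.shore.co.il`. If the legacy profile here is deliberate, a comment above the include naming the client population and a removal condition would help, e.g. `# legacy TLS (1.0/1.1) kept for <clients>; drop once <condition>`.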
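Review bot: The 443 server includes `snippets/ssl.conf`, but this same diff renames that file to `snippets/ssl-common.conf`; unless another part of the change recreates `snippets/ssl.conf`, `nginx -t` will fail on this vhost, and if it is recreated it should pin `ssl_protocols TLSv1.2 TLSv1.3;` and a cipher list, since `ssl-common.conf` no longer sets either and nginx's built-in default before 1.23.4 includes TLSv1 and TLSv1.1. The IP allowlist on `location /_synapse/admin` is a sensible defence-in-depth layer, but some Synapse releases also expose admin endpoints under legacy `/_matrix/client/*/admin/...` paths that fall through to `location /`; the Synapse reverse-proxy documentation suggests proxying only `/_matrix` and `/_synapse/client` rather than `/`, which would also stop unrelated paths being forwarded to the homeserver. The `proxy_pass http://$matrix:8008` form resolves `synapse` at request time and relies on a `resolver` directive or an `upstream synapse` block defined elsewhere; a one-line comment on the `map` stating which one it depends on would save the next reader a trip through the other config files.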
@@ -4,8 +4,6 @@ include snippets/common-headers.conf;
 ssl_certificate /var/ssl/site.crt;
 ssl_certificate_key /var/ssl/site.key;
 ssl_dhparam /var/ssl/dhparams;
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-ssl_ciphers !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 5m;
diff --git a/snippets/ssl-legacy.conf b/snippets/ssl-legacy.conf
new file mode 100644
index 0000000000000000000000000000000000000000..4e569dd0347fdc955e1f9c86bcca7cb578478920
--- /dev/null
+++ b/snippets/ssl-legacy.conf
@@ -0,0 +1,3 @@
+include snippets/ssl-common.conf;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
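Review bot: After this hunk `snippets/ssl-common.conf` carries the certificate, dhparam and session settings but no `ssl_protocols` or `ssl_ciphers`, so any server block that includes it directly rather than through a profile snippet silently falls back to nginx's built-in defaults, which on versions before 1.23.4 include TLSv1 and TLSv1.1. A header comment would make the contract explicit, e.g. `# Shared TLS settings only; do not include directly — use snippets/ssl-legacy.conf or the modern profile, which add ssl_protocols/ssl_ciphers`. Setting a safe default here and overriding it in the profile snippet is presumably not an option because nginx rejects a repeated `ssl_protocols`/`ssl_ciphers` in the same server block as a duplicate, which is likely why the directives were moved out; saying so in the comment would stop someone re-adding them. The first three lines of the file (including the `include snippets/common-headers.conf;` named in the hunk header) are outside this hunk.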
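Review bot: The new `snippets/ssl-legacy.conf` enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and keeps SHA1-MAC ciphers reachable via `+SHA1`, but carries no comment saying which clients require them or when the profile can be retired. A header such as `# Legacy TLS profile: permits TLSv1/TLSv1.1 and SHA1 ciphers for <client population>; prefer the modern profile; review/remove by <date>` would document the exception, and the sunset condition gives a future reviewer grounds to delete the file. Since `conf.d/default.conf` in this same change makes this the profile for the `default_server`, it is also worth stating here that it is the catch-all profile for clients that send no SNI.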