diff --git a/nginx/README.md b/nginx/README.md
index 79c37ec..10a30b4 100644
--- a/nginx/README.md
+++ b/nginx/README.md
@@ -81,6 +81,7 @@ server {
 access_log /var/log/nginx/matrixdev-access.log;
 error_log /var/log/nginx/matrixdev-error.log;
+
 }
 ```
@@ -91,6 +92,39 @@ http is forwarded to https. Be sure to substitute the correct values for `server_name`, `base_url` and the certificate files.
+For the actual proxy in front of Synapse, this is what you need:
+
+```
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # For the federation port
+ listen 8448 ssl default_server;
+ listen [::]:8448 ssl default_server;
+
+ ssl_certificate /etc/letsencrypt/live/vm02199.procolix.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/vm02199.procolix.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/ssl/dhparams.pem;
+
+ server_name vm02199.procolix.com;
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ proxy_pass http://localhost:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ client_max_body_size 50M;
+ proxy_http_version 1.1;
+ }
+
+}
+```
+
+Again, substitute the correct values. Don't forget to open the relevant ports
+in the firewall. Ports 80 and 443 may already be open, 8448 is probably not.
+
 # Firewall