diff --git a/docs/haproxy/haproxy-with-tls-termination.cfg b/docs/haproxy/haproxy-with-tls-termination.cfg
new file mode 100644
index 00000000..5dde0efc
--- /dev/null
+++ b/docs/haproxy/haproxy-with-tls-termination.cfg
@@ -0,0 +1,26 @@
+backend be_matrix
+    mode http
+# Dendrite running on same host:
+    server static 127.0.0.1:8008 check
+# For Dendrite running on host with ip a.b.c.d, replace with:
+#    server static a.b.c.d:8008 check
+
+backend matrix-well-known-client
+  http-after-response set-header Access-Control-Allow-Origin "*"
+  http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+  http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+url":"https://identity.example.com"}}'
+  http-request return status 200 content-type application/json string '{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_u
+rl":"https://matrix.example.com"}}'
+
+backend matrix-well-known-server
+  http-after-response set-header Access-Control-Allow-Origin "*"
+  http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+  http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+  http-request return status 200 content-type application/json string '{"m.server":"matrix.example.com"}'
+
+frontend fe_matrix_dendrite
+# Replace   123.123.123.123 with your PUBLIC ip address
+    bind 123.123.123.123:8448 ssl crt /etc/haproxy/certs/matrix.example.com.pem
+    use_backend     be_matrix
+    default_backend be_matrix
diff --git a/docs/haproxy/haproxy.cfg b/docs/haproxy/haproxy.cfg
new file mode 100644
index 00000000..e392f634
--- /dev/null
+++ b/docs/haproxy/haproxy.cfg
@@ -0,0 +1,26 @@
+backend be_matrix
+    mode http
+# Dendrite running on same host:
+    server static 127.0.0.1:8448 check
+# For Dendrite running on host with ip a.b.c.d, replace with:
+#    server static a.b.c.d:8448 check
+
+backend matrix-well-known-client
+  http-after-response set-header Access-Control-Allow-Origin "*"
+  http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+  http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+url":"https://identity.example.com"}}'
+  http-request return status 200 content-type application/json string '{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_u
+rl":"https://matrix.example.com"}}'
+
+backend matrix-well-known-server
+  http-after-response set-header Access-Control-Allow-Origin "*"
+  http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+  http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+  http-request return status 200 content-type application/json string '{"m.server":"matrix.example.com"}'
+
+frontend fe_matrix_dendrite
+# Replace   123.123.123.123 with your PUBLIC ip address
+    bind 123.123.123.123:8448 
+    use_backend     be_matrix
+    default_backend be_matrix