diff --git a/README.md b/README.md
index c2ef036..ce86195 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ This repository packages those JSON definitions alongside their configuration sn
 | [NetBird](templates/netbird/) | Self-hosted template with gRPC and websocket routing | `templates/netbird/` |
 | [Tomcat](templates/tomcat/) | Reverse proxy template with servlet-friendly defaults | `templates/tomcat/` |
 | [WordPress](templates/wordpress/) | Secure template with essential hardening defaults | `templates/wordpress/` |
+| [Synapse](templates/synapse/) | Secure template with essential hardening defaults for the matrix server synapse | `templates/synapse/` |
 
 ```text
 templates/
diff --git a/templates/synapse/configs/server-http/well-known.conf b/templates/synapse/configs/server-http/well-known.conf
new file mode 100644
index 0000000..b10a84b
--- /dev/null
+++ b/templates/synapse/configs/server-http/well-known.conf
@@ -0,0 +1,11 @@
+location /.well-known/matrix/client {
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.homeserver":{"base_url":"https://matrix.palmcoasty.com"}}';
+}
+
+location /.well-known/matrix/server {
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.server":"matrix.palmcoasty.com:443"}';
+}
diff --git a/templates/synapse/template.json b/templates/synapse/template.json
new file mode 100644
index 0000000..497fab9
--- /dev/null
+++ b/templates/synapse/template.json
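Review bot: Both `return 200` lines in well-known.conf embed a fixed hostname, `matrix.palmcoasty.com`, while the template's settings default `SERVER_NAME` to `example.com`; anyone who applies the template without editing this file will publish a Matrix delegation that sends clients and federating servers to that unrelated host. If the template engine substitutes settings into config snippets, the two lines should use the deployer's value, e.g. `return 200 '{"m.homeserver":{"base_url":"https://<matrix-host>"}}';` and `return 200 '{"m.server":"<matrix-host>:443"}';` with `<matrix-host>` as a constructed placeholder; if it does not, the file needs a leading comment such as `# EDIT: replace the host below with your own Matrix server name` so the placeholder is never served as-is. The `Access-Control-Allow-Origin *` on the client endpoint is appropriate, since the client well-known is read cross-origin by web clients; a one-line comment saying so would stop a later hardening pass from removing it. Both location blocks are complete within the hunk.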
@@ -0,0 +1,47 @@
+{
+ "id": "synapse-no-turn",
+ "name": "Synapse Matrix server without Turn, secure template with essential hardening defaults",
+ "settings": {
+ "SERVER_NAME": "example.com",
+ "AUTO_LETS_ENCRYPT": "yes",
+ "USE_LETS_ENCRYPT_STAGING": "no",
+ "USE_LETS_ENCRYPT_WILDCARD": "no",
+ "LETS_ENCRYPT_CHALLENGE": "http",
+ "LETS_ENCRYPT_DNS_PROVIDER": "",
+ "LETS_ENCRYPT_DNS_PROPAGATION": "default",
+ "LETS_ENCRYPT_DNS_CREDENTIAL_ITEM": "",
+ "USE_CUSTOM_SSL": "no",
+ "CUSTOM_SSL_CERT_PRIORITY": "file",
+ "CUSTOM_SSL_CERT": "",
+ "CUSTOM_SSL_KEY": "",
+ "CUSTOM_SSL_CERT_DATA": "",
+ "CUSTOM_SSL_KEY_DATA": "",
+ "USE_REVERSE_PROXY": "yes",
+ "REVERSE_PROXY_URL": "/_matrix/",
+ "REVERSE_PROXY_HOST": "http://mysynapse-server:8008",
+ "REVERSE_PROXY_INTERCEPT_ERRORS": "no",
+ "REVERSE_PROXY_KEEPALIVE": "yes",
+ "REVERSE_PROXY_HIDE_HEADERS": "",
+ "REVERSE_PROXY_CONNECT_TIMEOUT": "30s",
+ "REVERSE_PROXY_READ_TIMEOUT": "300s",
+ "REVERSE_PROXY_SEND_TIMEOUT": "60s",
+ "HTTP3": "no",
+ "LISTEN_HTTP": "no",
+ "MAX_CLIENT_SIZE": "50m",
+ "ALLOWED_METHODS": "GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH",
+ "USE_LIMIT_REQ": "yes",
+ "LIMIT_REQ_URL": "/",
+ "LIMIT_REQ_RATE": "10r/s",
+ "INTERCEPTED_ERROR_CODES": "400 401 403 404 405 413 429 501 502 503 504",
+ "USE_WHITELIST": "yes",
+ "BAD_BEHAVIOR_STATUS_CODES": "405",
+ "BAD_BEHAVIOR_THRESHOLD": "100",
+ "WHITELIST_IP": "",
+ "WHITELIST_RDNS": ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com",
+ "WHITELIST_RDNS_GLOBAL": "yes",
+ "WHITELIST_ASN": "",
+ "SERVE_FILES": "no",
+ "USE_CLIENT_CACHE": "n0",
+ "USE_GZIP": "yes",
+ "USE_BROTLI": "yes",
+ }
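Review bot: template.json as added is not valid JSON: `"USE_BROTLI": "yes",` leaves a trailing comma before the closing brace, and the hunk header (`+1,47`) ends at a single `}` although both the top-level object and `settings` are open, so a strict parser will reject the whole template rather than apply a hardened default. Drop the comma and close both objects, `"USE_BROTLI": "yes"` / `}` / `}`, and run the file through `python -m json.tool` or `jq .` before merging. `"USE_CLIENT_CACHE": "n0"` uses a digit zero where every other toggle in this file spells `"no"`; an unrecognised value is at best ignored and at worst fails validation, so change it to `"USE_CLIENT_CACHE": "no"`. Separately, `USE_WHITELIST` is `yes` with `WHITELIST_RDNS_GLOBAL` and a list of search-engine crawler rDNS suffixes; if whitelisting bypasses the other checks as it usually does in this engine, those entries serve no purpose for an API-only Matrix endpoint and could be emptied to keep the bypass surface minimal.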