diff --git a/playbooks/roles/gitea/files/matrix-client b/playbooks/roles/gitea/files/matrix-client
new file mode 100644
index 0000000000..a720714315
--- /dev/null
+++ b/playbooks/roles/gitea/files/matrix-client
@@ -0,0 +1,8 @@
+{
+    "m.homeserver": {
+        "base_url": "https://opendev.ems.host"
+    },
+    "m.identity_server": {
+        "base_url": "https://vector.im"
+    }
+}
diff --git a/playbooks/roles/gitea/files/matrix-server b/playbooks/roles/gitea/files/matrix-server
new file mode 100644
index 0000000000..43d9a9de04
--- /dev/null
+++ b/playbooks/roles/gitea/files/matrix-server
@@ -0,0 +1,3 @@
+{
+    "m.server": "opendev.ems.host:443"
+}
diff --git a/playbooks/roles/gitea/tasks/proxy.yaml b/playbooks/roles/gitea/tasks/proxy.yaml
index a1268929ce..cfe1fa7baa 100644
--- a/playbooks/roles/gitea/tasks/proxy.yaml
+++ b/playbooks/roles/gitea/tasks/proxy.yaml
@@ -33,3 +33,28 @@
     group: root
     mode: 0644
   notify: gitea Restart apache2
+
+- name: Create matrix well-known directory
+  file:
+    path: /var/www/opendev.org/.well-known/matrix
+    state: directory
+    owner: root
+    group: root
+    mode: 0775
+    recurse: yes
+
+- name: Copy matrix client config
+  copy:
+    src: matrix-client
+    dest: /var/www/opendev.org/.well-known/matrix/client
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Copy matrix server config
+  copy:
+    src: matrix-server
+    dest: /var/www/opendev.org/.well-known/matrix/server
+    owner: root
+    group: root
+    mode: 0644
diff --git a/playbooks/roles/gitea/templates/gitea.vhost.j2 b/playbooks/roles/gitea/templates/gitea.vhost.j2
index d65b10e654..589b55e5d1 100644
--- a/playbooks/roles/gitea/templates/gitea.vhost.j2
+++ b/playbooks/roles/gitea/templates/gitea.vhost.j2
@@ -3,6 +3,13 @@ Listen 3081
 <VirtualHost *:3081>
   ServerName {{ inventory_hostname }}
   ServerAdmin infra-root@opendev.org
+  DocumentRoot /var/www/opendev.org
+
+  <Directory /var/www/opendev.org/>
+    Require all granted
+    Order allow,deny
+    Allow from all
+  </Directory>
 
   AllowEncodedSlashes On
 
@@ -25,9 +32,14 @@ Listen 3081
 
   SSLProxyEngine on
 
-  Use UserAgentFilter
+  <Location /.well-known/matrix/client>
+    Header set Access-Control-Allow-Origin "*"
+  </Location>
 
+  Use UserAgentFilter
+  ProxyPass  /.well-known/ !
   ProxyPass  / https://{{ gitea_reverse_proxy_hostname }}:3000/ retry=0
   ProxyPassReverse / https://{{ gitea_reverse_proxy_hostname }}:3000/
 
+
 </VirtualHost>
diff --git a/testinfra/test_gitea.py b/testinfra/test_gitea.py
index d05bc9981d..cd7b4b7428 100644
--- a/testinfra/test_gitea.py
+++ b/testinfra/test_gitea.py
@@ -38,6 +38,20 @@ def test_robots(host):
                    'https://gitea99.opendev.org:3000/robots.txt')
     assert 'Disallow: /' in cmd.stdout
 
+def test_matrix_server(host):
+    cmd = host.run('curl --insecure -v '
+                   '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+                   'https://gitea99.opendev.org:3081/.well-known/matrix/server')
+    assert '"m.server": "opendev.ems.host:443"' in cmd.stdout
+    assert 'Access-Control-Allow-Origin' not in cmd.stderr
+
+def test_matrix_client(host):
+    cmd = host.run('curl --insecure -v '
+                   '--resolve gitea99.opendev.org:3081:127.0.0.1 '
+                   'https://gitea99.opendev.org:3081/.well-known/matrix/client')
+    assert '"base_url": "https://opendev.ems.host"' in cmd.stdout
+    assert 'Access-Control-Allow-Origin' in cmd.stderr
+
 def test_proxy(host):
     cmd = host.run('curl --insecure '
                    '--resolve gitea99.opendev.org:3081:127.0.0.1 '