diff --git a/examples/caddy/Caddyfile b/examples/caddy/Caddyfile
new file mode 100755
index 00000000..3a2e247b
--- /dev/null
+++ b/examples/caddy/Caddyfile
@@ -0,0 +1,46 @@
+https://matrix.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ root /matrix_static
+ header / {
+ Access-Control-Allow-Origin *
+ Strict-Transport-Security "max-age=31536000;"
+ X-Frame-Options "DENY"
+ X-XSS-Protection "1; mode=block"
+ }
+ proxy /_matrix/identity matrix-mxisd:8090 {
+ transparent
+ }
+ proxy /_matrix matrix-synapse:8008 {
+ transparent
+ }
+}
+
+https://dimension.matrix.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ header / {
+ Access-Control-Allow-Origin *
+ }
+ proxy / http://matrix-dimension:8184 {
+ transparent
+ header_upstream X-Forwarded-For {remote}
+ header_upstream Host {host}
+ websocket
+ }
+}
+
+https://chat.finallycoffee.eu {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ proxy / matrix-riot-web:8080 {
+ transparent
+ }
+}
+
+# Federation listens on all IPs because older Synapse versions do not support SNI
+https://:8448 {
+ tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
+ proxy /_matrix matrix-synapse:8048 {
+ transparent
+ }
+}
+
+
diff --git a/examples/caddy/matrix-dimension b/examples/caddy/matrix-dimension
new file mode 100644
index 00000000..6defb0d2
--- /dev/null
+++ b/examples/caddy/matrix-dimension
@@ -0,0 +1,7 @@
+https://dimension.DOMAIN {
+ tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
+
+ proxy / http://127.0.0.1:8134/ {
+ transparent
+ }
+}
diff --git a/examples/caddy/matrix-riot-web b/examples/caddy/matrix-riot-web
new file mode 100644
index 00000000..28df6cd2
--- /dev/null
+++ b/examples/caddy/matrix-riot-web
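Review bot: The `https://chat.finallycoffee.eu` block serves the Riot web client with no `header` block, so the HSTS and framing headers set for the matrix host are never sent for the site users actually load in a browser; the `riot.DOMAIN` hunk in `examples/caddy/matrix-riot-web` has the same gap. Adding `Strict-Transport-Security "max-age=31536000;"` and `X-Frame-Options "SAMEORIGIN"` in a `header /` block there would cover it. In the dimension block, `header_upstream X-Forwarded-For {remote}` and `header_upstream Host {host}` repeat what `transparent` already sets and can be dropped. The file is also added with mode 100755 although it is a plain config file, and it hard-codes `finallycoffee.eu` where the sibling examples use a `DOMAIN` placeholder.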
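Review bot: The upstream port in `proxy / http://127.0.0.1:8134/ {` does not match the dimension block in `examples/caddy/Caddyfile` from the same commit, which proxies to `matrix-dimension:8184`. This may be intentional (a host-bound port versus the container port), but if it is a typo it only shows up as a 502 at runtime rather than as a config error. If 8184 is the intended port, the line would read `proxy / http://127.0.0.1:8184/ {`. A short comment such as `# port must match the host port Dimension is published on` would make the assumption explicit.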
@@ -0,0 +1,7 @@
+https://riot.DOMAIN {
+ tls /matrix/ssl/config/live/riot.DOMAIN/fullchain.pem /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
+
+ proxy / http://127.0.0.1:8765 {
+ transparent
+ }
+}
diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse
new file mode 100644
index 00000000..800d7f7b
--- /dev/null
+++ b/examples/caddy/matrix-synapse
@@ -0,0 +1,26 @@
+https://matrix.DOMAIN {
+ tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
+
+ root /matrix/static-files
+
+ header {
+ Access-Control-Allow-Origin *
+ Strict-Transport-Security "mag=age=31536000;"
+ X-Frame-Options "DENY"
+ X-XSS-Protection "1; mode=block"
+ }
+
+ proxy /_matrix/identity matrix-msisd:8090 {
+ transparent
+ }
+
+ proxy /_matrix/client/r0/user_directory/search matrix-msisd:8090 {
+ transparent
+ }
+
+ proxy / matrix-synapse:8008 {
+ transparent
+ without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search
+ }
+
+}
diff --git a/examples/caddy/matrix-util b/examples/caddy/matrix-util
new file mode 100644
index 00000000..191f7758
--- /dev/null
+++ b/examples/caddy/matrix-util
@@ -0,0 +1,7 @@
+:80 {
+ # Redirect ACME-Challenge traffic to port 2402
+ proxy /.well-known/acme-challenge http://127.0.0.1:2402
+
+ # Redirect all other traffic to HTTPS
+ redir / https://{host}{uri} 301
+}
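Review bot: The HSTS value in the `header` block is misspelled as `"mag=age=31536000;"`, which browsers will not parse as a `max-age` directive, so HSTS is effectively not enabled for this host; it should read `Strict-Transport-Security "max-age=31536000;"`. In the final `proxy /` block, `without` is Caddy's prefix-stripping option rather than an exclusion list, so `except /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search` looks like what was intended. The identity upstream is spelled `matrix-msisd` here but `matrix-mxisd` in `examples/caddy/Caddyfile`, so one of the two hostnames is presumably wrong.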
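Review bot: The catch-all `redir / https://{host}{uri} 301` probably also matches `/.well-known/acme-challenge`, because Caddy v1 appears to run `redir` before `proxy` regardless of their order in the file. Challenge requests would then be redirected to HTTPS instead of reaching port 2402, so this is worth checking against a test issuance. Making the redirect conditional, with `if {path} not_starts_with /.well-known/acme-challenge` inside a `redir 301 { … }` block, keeps the two rules from overlapping. The first comment should also say "Proxy ACME-Challenge traffic", since that line forwards the request rather than redirecting it.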