diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 2fe3fcb..aece157 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -6,11 +6,11 @@ maxretry = 100
 filter = haproxy-basic
 backend = systemd
 journalmatch = _COMM=haproxy
-port = http,https,{{ haproxy.exposed_ports | join(",") }}
+port = http,https,8448
 ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
 
 [traefik]
 enabled = true
 filter = haproxy-basic # Not actually used
-port = http,https,{{ haproxy.exposed_ports | join(",") }}
+port = http,https,8448
 ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
diff --git a/ansible/roles/gateway/files/haproxy.cfg b/ansible/roles/gateway/files/haproxy.cfg
index 128a6f7..3daae8f 100644
--- a/ansible/roles/gateway/files/haproxy.cfg
+++ b/ansible/roles/gateway/files/haproxy.cfg
@@ -35,11 +35,7 @@ listen http
     timeout server 10m
     server default {{ wireguard.clients.ingress.ip }}:880 check
 
-{% for port in haproxy.exposed_ports %}
-
-listen expose_{{ port }}
-    bind *:{{ port }}
+listen matrix
+    bind *:8448
     mode tcp
-    server default {{ wireguard.clients.ingress.ip }}:{{ port }}
-
-{% endfor %}
+    server default {{ wireguard.clients.ingress.ip }}:8443 send-proxy
diff --git a/ansible/roles/pve_docker/files/synapse/docker-compose.yml b/ansible/roles/pve_docker/files/synapse/docker-compose.yml
index c6bc605..c362c66 100644
--- a/ansible/roles/pve_docker/files/synapse/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/synapse/docker-compose.yml
@@ -21,7 +21,6 @@ services:
       - traefik.enable=true
       - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)
       - traefik.http.routers.synapse.tls.certresolver=le
-      - traefik.http.routers.synapse.entrypoints=web-secure,matrix
 
   db:
     image: postgres:12-alpine
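Review bot: The federation port is now written as the literal `8448` in both jails here and again in haproxy.cfg's `listen matrix`, so the three copies can drift apart, and any port the ban action does not list stays reachable to a banned address. A single Ansible variable, e.g. `port = http,https,{{ matrix_federation_port }}` (variable name is a placeholder), keeps the jail in step with the listener it protects. Note also that the `haproxy-basic` filter reads haproxy's journal while the new 8448 listener runs in TCP mode; whether TCP-mode connections produce log lines that filter matches is not visible here and is worth confirming, since otherwise abuse arriving only on 8448 is never counted.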
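Review bot: The new `server default {{ wireguard.clients.ingress.ip }}:8443 send-proxy` line drops the `check` that the `listen http` server line above carries, so an unreachable ingress is never taken out of rotation for 8448. Because the backend expects a PROXY header, the health probe needs to send one as well: `server default {{ wireguard.clients.ingress.ip }}:8443 check check-send-proxy send-proxy`. `send-proxy` also relies on the receiver accepting PROXY headers only from this gateway's address; traefik.yml's `proxyProtocol.trustedIPs` lists the WireGuard range, which presumably covers it but is worth confirming, since a wider trusted range lets any peer in it present an arbitrary client address. A one-line comment above the block, `# Matrix federation: TCP passthrough to the ingress host`, would record the intent that the removed loop used to carry in its name.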
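Review bot: With the entrypoints label gone, the synapse router no longer pins itself to an entryPoint, and a Traefik router without an `entrypoints` setting is by default attached to every entryPoint the instance has — including the private `traefik` one on `{{ private_ip }}:8080` seen in traefik.yml and any plain-HTTP entryPoint, which after this commit no longer carries the tls-redirect middleware either. Keep the binding explicit by replacing the removed line with `- traefik.http.routers.synapse.entrypoints=web-secure`. The `services`/`synapse` mapping this label list belongs to starts before the hunk.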
diff --git a/ansible/roles/traefik/files/file-provider-main.yml b/ansible/roles/traefik/files/file-provider-main.yml
index 929795b..013625a 100644
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@@ -1,8 +1,5 @@
 http:
   middlewares:
-    tls-redirect:
-      redirectScheme:
-        scheme: https
     compress:
       compress: {}
 
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index b9c4d03..0dc0910 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -15,23 +15,12 @@ entryPoints:
     address: :443
     http:
       middlewares:
-        - tls-redirect@file
         - floc-block@file
     proxyProtocol:
       trustedIPs:
         - "{{ wireguard.cidr }}"
         - "{{ pve_hosts.internal_cidr }}"
         - "{{ nebula.cidr }}"
-  matrix:
-    address: :8448
-    http:
-      middlewares:
-        - tls-redirect@file
-    proxyProtocol:
-      trustedIPs:
-        - "{{ wireguard.cidr }}"
-        - "{{ pve_hosts.internal_cidr }}"
-        - "{{ nebula.cidr }}"
 
   traefik:
     address: "{{ private_ip }}:8080"