diff --git a/prosody.yml b/prosody.yml
index 4de16ec..94ecb58 100644
--- a/prosody.yml
+++ b/prosody.yml
@@ -4,8 +4,8 @@
 - name: prosody
 postgresql_password: "{{ postgresql_users.prosody }}"
 virtual_host: xmpp.comfycamp.space
- muc_domain: conference.xmpp.comfycamp.space
- http_file_share_domain: upload.xmpp.comfycamp.space
+ muc_domain: conference.comfycamp.space
+ http_file_share_domain: upload.comfycamp.space
 tls_cert_path: /etc/letsencrypt/live/comfycamp.space/fullchain.pem
 tls_key_path: /etc/letsencrypt/live/comfycamp.space/privkey.pem
 ldap_password: "{{ ldap_password }}"
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
index 2992cb8..fe1eee9 100644
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@@ -44,6 +44,10 @@ frontend www
 use_backend mastodon_streaming if host_mastodon_tor path_streaming_api
 use_backend mastodon if host_mastodon || host_mastodon_tor
+ acl host_xmpp hdr(host) -i xmpp.comfycamp.space
+ acl host_xmpp_uploads hdr(host) -i upload.comfycamp.space
+ use_backend prosody if host_xmpp || host_xmpp_uploads
+
 acl host_matrix hdr(host) -i matrix.comfycamp.space matrix.comfycamp.space:443
 acl path_matrix path_beg /_matrix
 acl path_matrix path_beg /_synapse/client
@@ -179,3 +183,10 @@ backend mta_sts
 backend jellyfin
 mode http
 server s1 jellyfin:8096 check
+
+backend prosody
+ mode http
+ option forwardfor
+ option http-server-close
+ timeout tunnel 1h
+ server s1 prosody:5280 check
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index 51d538d..f1975d5 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -45,6 +45,7 @@
 image: git.comfycamp.space/lumin/prosody:v0.0.2
 networks:
 - name: postgresql
+ - name: haproxy
 ports:
 - "5000:5000"
 - "5222:5222"
diff --git a/roles/prosody/templates/prosody.cfg.lua.j2 b/roles/prosody/templates/prosody.cfg.lua.j2
index 37db6b8..932329f 100644
--- a/roles/prosody/templates/prosody.cfg.lua.j2
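Review bot: The MUC and upload hosts move out from under `xmpp.comfycamp.space`, but `tls_cert_path` still points at the `comfycamp.space` Let's Encrypt lineage, so that certificate must carry `conference.comfycamp.space` and `upload.comfycamp.space` as SANs or s2s federation to the MUC and browser access to uploads will fail TLS validation; a certificate that covered the old `*.xmpp.comfycamp.space` names does not cover the new ones. Nothing in this diff touches the certbot or DNS definitions, so I would confirm both were extended for the two new names before deploying. A one-line comment above `muc_domain` such as `# conference. and upload. must be SANs on the certificate referenced by tls_cert_path` would keep that coupling visible to the next person who renames a host.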
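Review bot: The two new ACLs match only the bare hostnames, whereas `host_matrix` a few lines below also lists `matrix.comfycamp.space:443`; a client that sends the port in its Host header would miss `host_xmpp`/`host_xmpp_uploads` and fall through to the frontend's default routing, which lies outside the hunk. For consistency add the port forms, e.g. `acl host_xmpp hdr(host) -i xmpp.comfycamp.space xmpp.comfycamp.space:443` and likewise for the upload host. Note also that `use_backend prosody if host_xmpp` forwards every path on that host, so whatever Prosody serves on 5280 (BOSH, WebSocket, and any admin or metrics module that happens to be enabled) becomes reachable through the public frontend; if only the client and upload endpoints are intended, narrow the rule with a `path_beg` ACL the way the matrix rules do.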
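Review bot: `option forwardfor` only adds `X-Forwarded-For`; nothing in the new backend tells Prosody that the original request arrived over HTTPS, so unless the `www` frontend already sets it (not visible here) Prosody will see plain HTTP from the proxy and may build `http://` upload URLs and treat the connection as insecure. Add `http-request set-header X-Forwarded-Proto https` to this backend (or to the TLS frontend), which recent Prosody versions honour once the proxy address is covered by `trusted_proxies`. The `timeout tunnel 1h` / `http-server-close` pair is reasonable for the long-lived WebSocket and BOSH connections this backend will carry, but a short comment such as `# long tunnel timeout for xmpp-websocket/BOSH sessions` would save the next reader from guessing why it differs from the other backends.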
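Review bot: Joining the `haproxy` network is what lets the backend's `prosody:5280` resolve, but the `ports:` list that follows still publishes ports directly on the host and continues past the end of the hunk. If `5280`/`5281` are published further down, that path bypasses HAProxy and the forwarded-header trust this commit configures, so they should be dropped from the published ports now that HTTP is proxied. A comment on the new entry, e.g. `# reached from haproxy as prosody:5280; HTTP is not published on the host`, would document why the network is attached.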
+++ b/roles/prosody/templates/prosody.cfg.lua.j2 @@ -91,6 +91,8 @@ https_interfaces = { "*" } legacy_ssl_ports = { 5223 } +trusted_proxies = { "172.24.0.0/16" } + turn_external_host = "{{ turn_external_host }}" turn_external_secret = "{{ turn_external_secret }}"
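Review bot: `trusted_proxies = { "172.24.0.0/16" }` trusts an entire /16, which I take to be the Docker `haproxy` network's subnet; every container on that network can then forge `X-Forwarded-For` (and the forwarded-proto header) as seen by Prosody, and Docker assigns that subnet dynamically unless the network is created with an explicit `subnet`, so the value can silently stop matching after a rebuild. Pin the subnet where the network is defined and render this line from the same variable, e.g. `trusted_proxies = { "{{ haproxy_network_subnet }}" }`, rather than hard-coding the address in the template. A comment such as `-- haproxy container network; must match the subnet pinned in the haproxy role` would record where the value comes from.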