diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf
index 2a8fc34..5e9646d 100644
--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
@@ -76,7 +76,7 @@ http {
 	proxy_set_header X-Real-IP $remote_addr;
 	proxy_set_header X-Forwarded-Port $server_port;
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+	proxy_set_header X-Forwarded-Proto $scheme;
 	proxy_set_header X-Forwarded-Scheme $scheme;
 
 	# Needed to support websocket connections
diff --git a/nginx-rp/reverse-proxy.conf b/nginx-rp/reverse-proxy.conf
index 9f4128c..a495d5f 100644
--- a/nginx-rp/reverse-proxy.conf
+++ b/nginx-rp/reverse-proxy.conf
@@ -190,10 +190,18 @@ server {
 
 	server_name viyurz.fr;
 
-	location /.well-known/matrix/server {
+	location ~ ^/.well-known/matrix/server$ {
 		default_type application/json;
 		return 200 '{ "m.server": "matrix.viyurz.fr:443" }';
 	}
+	
+	location ~ ^/.well-known/matrix/client$ {
+		default_type application/json;
+		add_header Access-Control-Allow-Origin '*';
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+		add_header Set-Cookie "Path=/; HttpOnly; Secure";
+		return 200 '{ "m.homeserver": { "base_url": "https://matrix.viyurz.fr" } }';
+	}
 
 	location / {
 		return 308 https://www.viyurz.fr$request_uri;
diff --git a/setup-rootless.sh b/setup-rootless.sh
new file mode 100755
index 0000000..9aa70a2
--- /dev/null
+++ b/setup-rootless.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+sudo apt install -y uidmap fuse-overlayfs slirp4netns rootlesskit
+
+if ! grep -q '/usr/share/docker.io/contrib' "$HOME/.profile" > /dev/null; then
+	echo 'export PATH="/usr/share/docker.io/contrib:$PATH"' >> "$HOME/.profile"
+fi
+
+if ! grep -q 'DOCKER_HOST' "$HOME/.profile" > /dev/null; then
+	echo "export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock" >> "$HOME/.profile"
+fi
+
+sudo loginctl enable-linger "$USER"
+
+PATH="/usr/share/docker.io/contrib:$PATH" dockerd-rootless-setuptool.sh install
+
+echo '{"storage-driver": "fuse-overlayfs"}' > "$HOME/.config/docker/daemon.json"
+
+systemctl --user enable --now docker
diff --git a/synapse/docker-compose.yaml b/synapse/docker-compose.yaml
index c11d4ba..4ed4f17 100644
--- a/synapse/docker-compose.yaml
+++ b/synapse/docker-compose.yaml
@@ -3,6 +3,7 @@ services:
     container_name: synapse_postgres
     image: postgres:alpine
     restart: always
+    user: '70:70'
     environment:
       LANG: C
       POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8"
@@ -18,6 +19,7 @@ services:
     image: matrixdotorg/synapse:latest
     # command: generate
     restart: always
+    user: '991:991'
     environment:
       # SYNAPSE_SERVER_NAME: viyurz.fr
       # SYNAPSE_REPORT_STATS: "yes"
diff --git a/vw/docker-compose.yaml b/vw/docker-compose.yaml
index eddb72a..7fd8282 100644
--- a/vw/docker-compose.yaml
+++ b/vw/docker-compose.yaml
@@ -3,6 +3,7 @@ services:
     image: vaultwarden/server:latest
     container_name: vaultwarden
     restart: always
+    user: '1000:1000'
     environment:
       - DOMAIN=https://vw.viyurz.fr  # Your domain; vaultwarden needs to know it's https to work properly with attachments
       - SIGNUPS_ALLOWED=false