diff --git a/nixos/systems/altra/http-synapse-proxy.nix b/nixos/systems/altra/http-synapse-proxy.nix
index 919f72e..2660c7c 100644
--- a/nixos/systems/altra/http-synapse-proxy.nix
+++ b/nixos/systems/altra/http-synapse-proxy.nix
@@ -86,7 +86,7 @@ in
             {
               ProxyRequests = "on";
               AddDefaultCharset = "off";
-              AllowCONNECT = "443";
+              AllowCONNECT = [ "443" "8448" "8433" "8478" "3236" "8080" ];
             }
             {
               ServerName = "synapse-proxy.in.redalder.org";
@@ -101,7 +101,7 @@ in
               };
             }
             {
-              ProxyMatch."^([a-zA-Z]+\.)+[a-zA-Z]*:(443|8443).*$" = {
+              ProxyMatch."^([a-zA-Z\-_0-9]+\.)+[a-zA-Z\-_0-9]*:(443|8448|8443|8478|3236|8080).*$" = {
                 AuthType = "Basic";
                 AuthName = "\"Password Required\"";
                 AuthUserFile = "/var/secret/htpasswd";
@@ -114,15 +114,14 @@ in
                   ];
                   RequireAny."" = {
                     Require = [
-                      [ "ip 10.64.2.1" ]
-                      [ "ip 127.0.0.1" ]
+                      [ "ip 10.64.0.2" ]
                     ];
                   };
                 };
               };
             }
             {
-              ProxyMatch."^http:\/\/([a-zA-Z]+\.)+[a-zA-Z]*(|:(80))$" = {
+              ProxyMatch."^http:\/\/([a-zA-Z\-_0-9]+\.)+[a-zA-Z\-_0-9]*(|:(80|8080))$" = {
                 AuthType = "Basic";
                 AuthName = "\"Password Required\"";
                 AuthUserFile = "/var/secret/htpasswd";