diff --git a/changelog.d/17994.doc b/changelog.d/17994.doc
new file mode 100644
index 0000000000..54b7cf1000
--- /dev/null
+++ b/changelog.d/17994.doc
@@ -0,0 +1 @@
+Fix example in reverse proxy docs to include server port.
diff --git a/docker/conf-workers/nginx.conf.j2 b/docker/conf-workers/nginx.conf.j2
index c3f9b584d2..95d2f760d2 100644
--- a/docker/conf-workers/nginx.conf.j2
+++ b/docker/conf-workers/nginx.conf.j2
@@ -38,6 +38,9 @@ server {
 {% if using_unix_sockets %}
         proxy_pass http://unix:/run/main_public.sock;
 {% else %}
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
         proxy_pass http://localhost:8080;
 {% endif %}
         proxy_set_header X-Forwarded-For $remote_addr;
diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index 7128af114e..45de2b1f65 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -74,7 +74,7 @@ server {
         proxy_pass http://localhost:8008;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
+        proxy_set_header Host $host:$server_port;
 
         # Nginx by default only allows file uploads up to 1M in size
         # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml