diff --git a/.env.sample b/.env.sample
index 7c786ae..eeacf3b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,3 +6,5 @@ LETS_ENCRYPT_ENV=production
 SECRET_DB_PASSWORD_VERSION=v1
 
 SYNAPSE_ADMIN_EMAIL=admin@example.com
+
+DISABLE_FEDERATION=0
diff --git a/compose.yml b/compose.yml
index 57c3653..aebec84 100644
--- a/compose.yml
+++ b/compose.yml
@@ -8,6 +8,7 @@ services:
       - proxy
       - internal
     environment:
+      - DISABLE_FEDERATION
       - DOMAIN
       - STACK_NAME
     configs:
@@ -31,6 +32,7 @@ services:
     secrets:
       - db_password
     environment:
+      - DISABLE_FEDERATION
       - LETSENCRYPT_HOST=${DOMAIN}
       - SYNAPSE_ADMIN_EMAIL
       - SYNAPSE_REPORT_STATS=no
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index a09c7e9..f7f611e 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -310,9 +310,15 @@ listeners:
     type: http
     x_forwarded: true
 
+    {{ if eq (env "DISABLE_FEDERATION") "1" }}
+    resources:
+      - names: [client]
+        compress: false
+    {{ else }}
     resources:
       - names: [client, federation]
         compress: false
+    {{ end }}
 
     # example additional_resources:
     #
@@ -649,6 +655,9 @@ retention:
 #  - lon.example.com
 #  - nyc.example.com
 #  - syd.example.com
+{{ if eq (env "DISABLE_FEDERATION") "1" }}
+federation_domain_whitelist: []
+{{ end }}
 
 # Report prometheus metrics on the age of PDUs being sent to and received from
 # the following domains. This can be used to give an idea of "delay" on inbound
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
index 6965c0a..d3cd4cd 100644
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@@ -22,5 +22,12 @@ http {
       proxy_set_header Host $host;
       client_max_body_size 50M;
     }
+
+    {{ if eq (env "DISABLE_FEDERATION") "1" }}
+    location /.well-known/matrix/ {
+      deny all
+    }
+    {{ end }}
+
   }
 }