diff --git a/roles/matrix/defaults/main.yml b/roles/matrix/defaults/main.yml index e7577ef..9b345e1 100644 --- a/roles/matrix/defaults/main.yml +++ b/roles/matrix/defaults/main.yml @@ -79,3 +79,12 @@ matrix_elementweb_integrations_jitsi_widget_url: "https://scalar.vector.im/api/w # Element Web public room directory server(s) matrix_elementweb_roomdir_servers: ['matrix.org'] + +# The matrix webhooks image tag (see https://hub.docker.com/r/turt2live/matrix-appservice-webhooks/tags?page=1&ordering=last_updated) +matrix_webhooks_enabled: true +matrix_webhooks_image_version: "latest" +matrix_webhooks_location: "{{ matrix_install_location}}/webhooks" +matrix_webhooks_domain: "webhooks.example.com" +matrix_webhooks_provisioning_key: "{{ lookup('passwordstore', matrix_webhooks_domain + '/provisioning-api create=true length=42') }}" +matrix_webhooks_display_name: "Captain Webhook" +matrix_webhooks_avatar: "http://i.imgur.com/IDOBtEJ.png" diff --git a/roles/matrix/handlers/main.yml b/roles/matrix/handlers/main.yml index b1d3e18..3aab024 100644 --- a/roles/matrix/handlers/main.yml +++ b/roles/matrix/handlers/main.yml @@ -29,3 +29,15 @@ - docker - matrix become: true + +- name: restart matrix webhooks + docker_compose: + services: + - appservice-webhooks + state: present + project_src: "{{ matrix_install_location }}" + restarted: yes + tags: + - docker + - matrix + become: true diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index 5773870..acab299 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -29,6 +29,7 @@ - "{{ matrix_database_location }}" - "{{ matrix_data_location }}" - "{{ matrix_elementweb_location }}" + - "{{ matrix_webhooks_location }}" become: true - name: Create install directory @@ -51,6 +52,7 @@ - "{{ matrix_database_location }}" - "{{ matrix_data_location }}" - "{{ matrix_elementweb_location }}" + - "{{ matrix_webhooks_location }}" become: true - name: Deploy docker-compose.yml 
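Review bot: `matrix_webhooks_image_version: "latest"` gives the new service a floating tag by default, so the image the role deploys can change between runs without any change to the playbook; default to a pinned tag instead (placeholder: `"<PINNED_TAG>"`), and let the comment above it, which currently describes only the image tag, cover the whole block, e.g. `# Matrix webhooks appservice settings (pin the image tag; tags listed at the hub URL below)`. With `matrix_webhooks_enabled: true` and `matrix_webhooks_domain: "webhooks.example.com"` as defaults, a user who overrides nothing gets the service deployed and, because the lookup uses `create=true`, a `webhooks.example.com/provisioning-api` entry generated in their password store; `matrix_webhooks_enabled: false` would make the feature opt-in. `"{{ matrix_install_location}}/webhooks"` is missing the space before `}}` — Jinja accepts it, but the rest of the file writes `{{ … }}`.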
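Review bot: `restarted: yes` in the new `restart matrix webhooks` handler uses a YAML 1.1 truthy value while the surrounding file writes booleans as `true` (`become: true` two lines above); change it to `restarted: true` so yamllint's truthy rule passes and the style stays uniform. The handler has no guard of its own, so it is only safe while every task that notifies it is conditioned on `matrix_webhooks_enabled`; with the service absent from the rendered compose file, asking `docker_compose` to restart `appservice-webhooks` would fail.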
@@ -108,6 +110,24 @@ - matrix become: true +- name: Deploy webhooks config files + template: + src: "webhooks/{{ item }}" + dest: "{{ matrix_webhooks_location }}/{{ item }}" + setype: "container_file_t" + mode: '0644' + owner: 'root' + group: 'root' + with_items: + - "database.json" + - "config.yaml" + tags: + - docker + - matrix + - webhooks + notify: restart matrix webhooks + become: true + - name: Check if homeserver.yaml (config) exists stat: path: "{{ matrix_data_location }}/homeserver.yaml" @@ -129,6 +149,28 @@ when: - not matrix_synapse_homeserver_yaml.stat.exists +- name: Generate webhooks registration + command: 'docker-compose run appservice-webhooks node index.js -r \ + -f /data/appservice-registration-webhooks.yaml \ + -u "http://appservice-webhooks:9000" -c /data/config.yaml' + args: + chdir: "{{ matrix_install_location }}" + creates: "{{ matrix_webhooks_location }}/appservice-registration-webhooks.yaml" + become: true + when: + - matrix_webhooks_enabled + +- name: Link webhooks registration to synapse folder + copy: + src: "{{ matrix_webhooks_location }}/appservice-registration-webhooks.yaml" + dest: "{{ matrix_data_location }}/appservice-registration-webhooks.yaml" + remote_src: true + owner: '991' + group: '991' + become: true + when: + - matrix_webhooks_enabled + - name: Compose matrix docker_compose: state: present diff --git a/roles/matrix/templates/docker-compose.yml b/roles/matrix/templates/docker-compose.yml index cf933fa..9c852c1 100644 --- a/roles/matrix/templates/docker-compose.yml +++ b/roles/matrix/templates/docker-compose.yml 
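Review bot: The `Deploy webhooks config files` task has no `when: matrix_webhooks_enabled`, unlike the two webhooks tasks added at @@ -129, so with the feature disabled it still renders config.yaml (evaluating the passwordstore lookup) and notifies `restart matrix webhooks`, which then asks docker_compose to restart a service the compose template omits; add `when: matrix_webhooks_enabled` beside `become: true` (the directory entries added at @@ -29 and @@ -51 are unconditional too, though harmless on their own). Separately, `mode: '0644'` with `owner: 'root'` leaves config.yaml, which carries the provisioning secret, readable by every local account on the host; `'0640'` would be appropriate, but only together with an owner or group matching the uid the image runs as, which is not visible here — the registration file in the next hunk is chowned to `991` for synapse in the same way.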
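Review bot: The `command:` of `Generate webhooks registration` is a single-quoted YAML scalar, so the trailing `\` characters are literal text rather than shell continuations: the value folds to `… -r \ -f /data/… \ -u …`, and the `command` module's shlex splitting treats `\ ` as an escaped space, producing a single argument ` -f` instead of the flag `-f`, so the registration tool never gets the options it expects. Write it as a folded block scalar: `command: >-` followed by the argument lines with the backslashes removed, e.g. `docker-compose run --rm appservice-webhooks node index.js -r`, `-f /data/appservice-registration-webhooks.yaml`, `-u http://appservice-webhooks:9000 -c /data/config.yaml` (`--rm` avoids leaving a stopped one-off container behind). Because of `creates:`, the fix only takes effect on hosts where the registration has not been generated yet. The `Link webhooks registration` copy sets owner and group but no `mode`; a Matrix appservice registration file holds the `as_token`/`hs_token` pair, so add `mode: '0600'` (synapse reads it as `991`, the owner set here).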
@@ -164,6 +164,43 @@ services: {% endif %} restart: always +{% if matrix_webhooks_enabled %} + appservice-webhooks: + image: docker.io/turt2live/matrix-appservice-webhooks:{{ matrix_webhooks_image_version }} + mem_limit: 128mb + memswap_limit: 256mb + read_only: true + security_opt: + - no-new-privileges + depends_on: + - synapse + volumes: + - "{{ matrix_webhooks_location }}:/data" + labels: + - "traefik.enable=true" + + - "traefik.http.routers.matrix-webhooks.rule=Host(`{{ matrix_webhooks_domain }}`) && PathPrefix(`/`)" + - "traefik.http.routers.matrix-webhooks.entrypoints=websecure" + - "traefik.http.routers.matrix-webhooks.tls.certresolver={{ matrix_traefik_certresolver }}" + - "traefik.http.routers.matrix-webhooks.middlewares=matrix-webhooks,compress" + - "traefik.http.services.matrix-webhooks.loadbalancer.server.port=9000" + - "traefik.http.middlewares.matrix-webhooks.headers.sslredirect=true" + - "traefik.http.middlewares.matrix-webhooks.headers.stsSeconds=63072000" + - "traefik.http.middlewares.matrix-webhooks.headers.referrerPolicy=no-referrer" + +{% if proxy_network is defined %} + - "traefik.docker.network={{ proxy_network }}" +{% endif %} +{% if proxy_hiddenservice['content'] is defined %} + - "traefik.http.middlewares.matrix-webhooks.headers.customresponseheaders.alt-svc:h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000" +{% endif %} +{% if proxy_network is defined %} + networks: + {{ proxy_network }}: +{% endif %} + restart: always +{% endif %} + networks: database: internal: true diff --git a/roles/matrix/templates/webhooks/config.yaml b/roles/matrix/templates/webhooks/config.yaml new file mode 100644 index 0000000..550fa4e --- /dev/null +++ b/roles/matrix/templates/webhooks/config.yaml 
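Review bot: The new `appservice-webhooks` service declares `networks:` only when `proxy_network` is defined, and a service with an explicit `networks:` list is attached to those networks alone; the registration generated at @@ -129 tells synapse to reach the bridge at `http://appservice-webhooks:9000`, so synapse must share a network with this service — whether synapse is on `{{ proxy_network }}` is outside this hunk, so please confirm rather than assume. A stray blank `+` line sits inside the `labels` sequence right after `traefik.enable=true`; a blank line in the middle of a list is unusual in this template and should go. The `PathPrefix` clause matching `/` adds nothing to the `Host(...)` rule and can be dropped.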
@@ -0,0 +1,39 @@ +{{ ansible_managed | comment }} + +# Configuration specific to the application service. All fields (unless otherwise marked) are required. +homeserver: + # The domain for the client-server API calls. + url: "http://synapse:8008" + + # The domain part for user IDs on this home server. Usually, but not always, this is the same as the + # home server's URL. + domain: "{{ matrix_synapse_servername }}" + +# Configuration specific to the bridge. All fields (unless otherwise marked) are required. +webhookBot: + # The localpart to use for the bot. May require re-registering the application service. + localpart: "_webhook" + + # Appearance options for the Matrix bot + appearance: + displayName: "{{ matrix_webhooks_display_name }}" + avatarUrl: "{{ matrix_webhooks_avatar }}" # webhook icon + +# Provisioning API options +provisioning: + # Your secret for the API. Required for all provisioning API requests. + secret: '{{ matrix_webhooks_provisioning_key }}' + +# Configuration related to the web portion of the bridge. Handles the inbound webhooks +web: + hookUrlBase: 'https://{{ matrix_webhooks_domain }}/' + +logging: + file: data/logs/webhook.log + console: true + consoleLevel: info + fileLevel: verbose + writeFiles: true + rotate: + size: 52428800 # bytes, default is 50mb + count: 5 diff --git a/roles/matrix/templates/webhooks/database.json b/roles/matrix/templates/webhooks/database.json new file mode 100644 index 0000000..f1d3573 --- /dev/null +++ b/roles/matrix/templates/webhooks/database.json @@ -0,0 +1,13 @@ +{ + "defaultEnv": { + "ENV": "NODE_ENV" + }, + "development": { + "driver": "sqlite3", + "filename": "data/development.db" + }, + "production": { + "driver": "sqlite3", + "filename": "data/production.db" + } +}
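Review bot: `secret: '{{ matrix_webhooks_provisioning_key }}'` produces invalid YAML if the generated value contains a `'` — the passwordstore lookup with `create=true length=42` generates it, and nothing here restricts its character set; render it as `secret: {{ matrix_webhooks_provisioning_key | to_json }}` so the value is always a correctly escaped double-quoted scalar. `file: data/logs/webhook.log` is a relative path, and the same `data/` prefix is used for the sqlite files in database.json, while the compose service mounts the volume at `/data` and runs with `read_only: true`; unless the image's working directory is `/`, the log and database writes do not land in the mounted volume and fail on the read-only root — the working directory is not visible here, so either confirm it or use absolute `/data/...` paths. Since this file carries the provisioning secret, the file mode it is deployed with (see the template task at @@ -108) matters as much as its contents.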