I retested matrix synapse successfully with reverse proxy and created /etc/httpd/conf.d/a_synapse.conf on the “main” Nethserver to reverse proxy both, port 443 and 8448 with nocanon option to the local VM (1.2.3.4 in this example). You also need to open port 8448 on the “Main” Nethserver by creating a service “synapse” with TCP port 8448 and access for red and green. This way no reverse proxy in cockpit is needed.
/etc/httpd/conf.d/a_synapse.conf:
<VirtualHost *:443>
SSLEngine on
ServerName matrix.yourdomain.org
AllowEncodedSlashes NoDecode
ProxyPass /_matrix https://1.2.3.4/_matrix nocanon
ProxyPassReverse /_matrix https://1.2.3.4/_matrix
</VirtualHost>
Listen 8448
<VirtualHost *:8448>
SSLEngine on
AllowEncodedSlashes NoDecode
ProxyPass /_matrix https://1.2.3.4/_matrix nocanon
ProxyPassReverse /_matrix https://1.2.3.4/_matrix
</VirtualHost>