@girish Well-known is in place for Synapse already, but it seems that well-known configurations aren't enough to enable entering domain.tld as homeserver in Riot sign-in when the server is at matrix.domain.tld.
What seems to be needed is the ability to forward the whole /_matrix path at domain.tld to Synapse.
In nginx terms I belive that would look something like this:
server {
listen 443;
server_name domain.tld;
location /_matrix {
proxy_pass https://matrix.domain.tld;
}
}