diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -102,6 +102,12 @@
         {
           name  = "COMM_JSONCONFIG_facts_authoritative_keyserver",
           value = jsonencode(var.authoritative_keyserver_config),
+        },
+        {
+          name = "COMM_JSONCONFIG_facts_tunnelbroker",
+          value = jsonencode({
+            "url" : "${var.tunnelbroker_url}"
+          })
         }
       ]
       logConfiguration = {
diff --git a/services/terraform/self-host/keyserver_secondary.tf b/services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_secondary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -89,6 +89,12 @@
             "domain" : "https://web.comm.app"
           })
         },
+        {
+          name = "COMM_JSONCONFIG_facts_tunnelbroker",
+          value = jsonencode({
+            "url" : "${var.tunnelbroker_url}"
+          })
+        },
         {
           name = "COMM_JSONCONFIG_secrets_identity_service_config",
           value = jsonencode({
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -66,6 +66,12 @@
   default     = "https://identity.commtechnologies.org:50054"
 }
 
+variable "tunnelbroker_url" {
+  description = "The address to access the tunnelbroker service"
+  type        = string
+  default     = "wss://tunnelbroker.commtechnologies.org:51001"
+}
+
 variable "db_instance_class" {
   description = "The instance class for the MariaDB RDS instance"
   type        = string