diff --git a/README.md b/README.md
index 3b50065f..f4440bc6 100644
--- a/README.md
+++ b/README.md
@@ -79,10 +79,10 @@ try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running fro
     * [hiding from google](#hiding-from-google) - tell search engines you dont wanna be indexed
     * [themes](#themes)
     * [complete examples](#complete-examples)
+    * [reverse-proxy](#reverse-proxy) - running copyparty next to other websites
 * [browser support](#browser-support) - TLDR: yes
 * [client examples](#client-examples) - interact with copyparty using non-browser clients
     * [mount as drive](#mount-as-drive) - a remote copyparty server as a local filesystem
-* [up2k](#up2k) - quick outline of the up2k protocol, see [uploading](#uploading) for the web-client
 * [performance](#performance) - defaults are usually fine - expect `8 GiB/s` download, `1 GiB/s` upload
     * [client-side](#client-side) - when uploading files
 * [security](#security) - some notes on hardening
@@ -90,11 +90,7 @@ try the **[read-only demo server](https://a.ocv.me/pub/demo/)** 👀 running fro
 * [recovering from crashes](#recovering-from-crashes)
     * [client crashes](#client-crashes)
         * [frefox wsod](#frefox-wsod) - firefox 87 can crash during uploads
-* [HTTP API](#HTTP-API)
-    * [read](#read)
-    * [write](#write)
-    * [admin](#admin)
-    * [general](#general)
+* [HTTP API](#HTTP-API) - see [devnotes](#./docs/devnotes.md#http-api)
 * [dependencies](#dependencies) - mandatory deps
     * [optional dependencies](#optional-dependencies) - install these to enable bonus features
     * [install recommended deps](#install-recommended-deps)
@@ -128,7 +124,7 @@ you may also want these, especially on servers:
 
 * [contrib/systemd/copyparty.service](contrib/systemd/copyparty.service) to run copyparty as a systemd service
 * [contrib/systemd/prisonparty.service](contrib/systemd/prisonparty.service) to run it in a chroot (for extra security)
-* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to reverse-proxy behind nginx (for better https)
+* [contrib/nginx/copyparty.conf](contrib/nginx/copyparty.conf) to [reverse-proxy](#reverse-proxy) behind nginx (for better https)
 
 and remember to open the ports you want; here's a complete example including every feature copyparty has to offer:
 ```
@@ -1072,6 +1068,21 @@ see the top of [./copyparty/web/browser.css](./copyparty/web/browser.css) where
     `-lo log/cpp-%Y-%m%d-%H%M%S.txt.xz`
 
 
+## reverse-proxy
+
+running copyparty next to other websites  hosted on an existing webserver such as nginx or apache
+
+you can either:
+* give copyparty its own domain or subdomain (recommended)
+* or do location-based proxying, using `--rp-loc=/stuff` to tell copyparty where it is mounted -- has a slight performance cost and higher chance of bugs
+  * if copyparty says `incorrect --rp-loc or webserver config; expected vpath starting with [...]` it's likely because the webserver is stripping away the proxy location from the request URLs -- see the `ProxyPass` in the apache example below
+
+example webserver configs:
+
+* [nginx config](contrib/nginx/copyparty.conf) -- entire domain/subdomain
+* [apache2 config](contrib/apache/copyparty.conf) -- location-based
+
+
 # browser support
 
 TLDR: yes
diff --git a/contrib/apache/copyparty.conf b/contrib/apache/copyparty.conf
new file mode 100644
index 00000000..8824c2f1
--- /dev/null
+++ b/contrib/apache/copyparty.conf
@@ -0,0 +1,15 @@
+# when running copyparty behind a reverse proxy,
+# the following arguments are recommended:
+#
+#   --http-only     lower latency on initial connection
+#   -i 127.0.0.1    only accept connections from nginx
+#
+# if you are doing location-based proxying (such as `/stuff` below)
+# you must run copyparty with --rp-loc=stuff
+#
+# on fedora/rhel, remember to setsebool -P httpd_can_network_connect 1
+
+LoadModule proxy_module modules/mod_proxy.so
+ProxyPass "/stuff" "http://127.0.0.1:3923/stuff"
+# do not specify ProxyPassReverse
+RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
diff --git a/docs/devnotes.md b/docs/devnotes.md
index d674dbf9..2829265d 100644
--- a/docs/devnotes.md
+++ b/docs/devnotes.md
@@ -3,7 +3,13 @@
 * top
 * [future plans](#future-plans) - some improvement ideas
 * [design](#design)
+    * [up2k](#up2k) - quick outline of the up2k protocol
     * [why chunk-hashes](#why-chunk-hashes) - a single sha512 would be better, right?
+* [http api](#http-api)
+    * [read](#read)
+    * [write](#write)
+    * [admin](#admin)
+    * [general](#general)
 * [assumptions](#assumptions)
     * [mdns](#mdns)
 * [sfx repack](#sfx-repack) - reduce the size of an sfx by removing features
@@ -35,7 +41,7 @@ some improvement ideas
 
 ## up2k
 
-quick outline of the up2k protocol, see [uploading](#uploading) for the web-client
+quick outline of the up2k protocol,  see [uploading](https://github.com/9001/copyparty#uploading) for the web-client
 * the up2k client splits a file into an "optimal" number of chunks
   * 1 MiB each, unless that becomes more than 256 chunks
   * tries 1.5M, 2M, 3, 4, 6, ... until <= 256 chunks or size >= 32M