diff --git a/doc/CONFIGURATION.md b/doc/CONFIGURATION.md
index 46d6165..b041a60 100644
--- a/doc/CONFIGURATION.md
+++ b/doc/CONFIGURATION.md
@@ -7,17 +7,18 @@ Command line parameters and startup
 
 aprsc understands a few command line parameters. On Ubuntu/Debian derived
 systems these go to /etc/default/aprsc, on other systems they go in the init
-script starting up the software.
+script starting up the software. Shown here are the settings installed by
+default when installing aprsc from a binary package.
 
- *  -u aprsc: switch to user 'aprsc' as soon as possible
- *  -t /opt/aprsc: chroot to the given directory after starting
- *  -f: fork to a daemon
- *  -e info: log at level info (can be changed to "debug" for more verbose
+ *  `-u aprsc` - switch to user 'aprsc' as soon as possible
+ *  `-t /opt/aprsc` - chroot to the given directory after starting
+ *  `-f` - fork to a daemon
+ *  `-e info` - log at level info (can be changed to "debug" for more verbose
     logging)
- *  -o file: log to file (can be changed to "stderr" for supervisord and debugging, or "syslog"
+ *  `-o file` - log to file (can be changed to "stderr" for supervisord and debugging, or "syslog"
    for syslogd)
- *  -r logs: log file directory, log files are placed in /opt/aprsc/logs
- *  -c etc/aprsc.onf: configuration file location
+ *  `-r logs` - log file directory, log files are placed in /opt/aprsc/logs
+ *  `-c etc/aprsc.conf` - configuration file location
 
 Since the daemon chroots to /opt/aprsc, all paths are relative to that
 directory and the daemon cannot access any files outside the chroot. The
@@ -25,6 +26,15 @@ supplied startup script copies a couple of essential files from /etc top
 /opt/aprsc/etc so that DNS lookups work (hosts, resolv.conf, gai.conf,
 /nsswitch.conf).
 
+aprsc refuses to run as root, but it should be started to root so that it
+can do the chroot() dance and adjust resource limits as needed. When started
+as root, it requires that the -u parameter is set to an unprivileged user.
+Right after the chroot() it switches to the specified user to reduce the
+damage potential. For security reasons it's a good idea to have a separate
+unprivileged user account for aprsc. The official binary aprsc packages
+automatically creates the aprsc user account and uses that in the
+configuration.
+
 aprsc can log to syslog too, but that'd require bringing the
 syslog socket within the chroot.
 
@@ -36,7 +46,7 @@ Configuration file options in aprsc.conf
 
  *  ServerId NOCALL
     
-    This is your unique server ID. Typically contains either a callsign and
+    This is your unique server ID. Typically contains a callsign and
     an SSID.
 
  *  PassCode 0
@@ -64,7 +74,7 @@ Configuration file options in aprsc.conf
 
 Timer settings assume the time is specified in seconds, but allow appending
 one of s, m, h, d to multiply the given value by the number of seconds in a
-second, month, hour and day respectively. Examples:
+second, minute, hour and day respectively. Examples:
 
  * 600 - 600 seconds
  * 600s - 600 seconds
@@ -173,3 +183,57 @@ directives, one with an IPv4 address and another with the IPv6 one.
     UplinkBind 127.0.0.1
     UplinkBind dead:beef::15:f00d
 
+### HTTP server ###
+
+aprsc can listen for HTTP requests on one or multiple TCP ports. Each HTTP
+port responds to either status page queries, or takes in HTTP-based position
+uploads, but not both. HTTP listener configuration directioves take an IP
+address and a TCP port. Like the other Listeners, :: means "all addresses"
+for IPv6, 0.0.0.0 means "all addresses" for IPv4. On Linux, Solaris and OS X
+the :: IPv6 listener will also accept IPv4 connections happily, so you don't
+usually need a separate IPv4 listener.
+
+The status page HTTP service is configured using HTTPStatus. Here's a
+configuration example for the APRS-IS standard status port 14501:
+
+    HTTPStatus :: 14501
+
+The HTTP position upload service is configured using the HTTPUpload
+directive. Here's an example for the APRS-IS standard position submission
+port 8080:
+
+    HTTPUpload :: 8080
+
+Multiple HTTPStatus and HTTPUpload directives can be entered to listen on
+multiple addresses or ports:
+
+    HTTPUpload 127.0.0.1 8080
+    HTTPUpload 10.73.88.99 8080
+    HTTPUpload ::1 8080
+    HTTPUpload f00d::beef:bac0:ca1f 8080
+
+### Environment ###
+
+When the server starts up as the super-user (root), it can increase some
+resource limits automatically. When not starting as root these directives
+have no effect.
+
+If you wish to run a server which accepts a very large amount of users
+(usually not necessary), the amount of connections a server can accept can
+be limited by the operating system's limits for maximum open file
+descriptors per process. The FileLimit directive can be used to adjust this
+limit.
+
+    FileLimit 10000
+
+### Operator attention span qualification run ###
+
+The example configuration file contains an invalid configuration directive
+in the end for the purpose of making sure the operator actually reads
+through the file and adjusts it to match his needs. If it caught you by
+surprise, you should probably read through the whole configuration file with
+some added thought, and cross-reference the configuration directives with
+this document.
+
+Think of this as the "brown M&M's test" by Van Halen, adapted for the APRS-IS.
+