diff --git a/doc/FAQ.md b/doc/FAQ.md
index 087c7141d7f99a28e9da9ee3a2f4fa45ab93397d..863166e832d6e6964d638949ef2f4811281e0398 100644
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@@ -17,6 +17,7 @@
 - [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open)
 - [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server)
 - [Heartbeat file](#heartbeat-file)
+- [How does the config file work?](#how-does-the-config-file-work)
 - [Enterprise](#enterprise)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -55,7 +56,7 @@ Feel free to file an issue to add a missing extension to the marketplace.
 Defaults to `~/.local/share/code-server/extensions`.
 
 If the `XDG_DATA_HOME` environment variable is set the data directory will be
-`$XDG_DATA_HOME/code-server/extensions`.
+`$XDG_DATA_HOME/code-server/extensions`. In general we try to follow the XDG directory spec.
 
 You can install an extension on the CLI with:
 
@@ -184,9 +185,8 @@ code-server --log debug
 Once this is done, replicate the issue you're having then collect logging
 information from the following places:
 
-1. stdout.
-2. The most recently created directory in the `logs` directory (found in the
-   data directory; see below for how to find that).
+1. stdout
+2. The most recently created directory in the `~/.local/share/code-server/logs` directory
 3. The browser console and network tabs.
 
 Additionally, collecting core dumps (you may need to enable them first) if
@@ -198,11 +198,31 @@ code-server crashes can be helpful.
 as there is an active browser connection.
 
 If you want to shutdown `code-server` if there hasn't been an active connection in X minutes
-you can do so by continously checking the last modified time on the heartbeat file and if it is
+you can do so by continuously checking the last modified time on the heartbeat file and if it is
 older than X minutes, you should kill `code-server`.
 
 [#1636](https://github.com/cdr/code-server/issues/1636) will make the experience here better.
 
+## How does the config file work?
+
+When `code-server` starts up, it creates a default config file in `~/.config/code-server/config.yaml` that looks
+like this:
+
+```yaml
+bind-addr: 127.0.0.1:8080
+auth: password
+password: mewkmdasosafuio3422 # This is randomly generated for each config.yaml
+cert: false
+```
+
+Each key in the file maps directly to a `code-server` flag. Run `code-server --help` to see
+a listing of all the flags.
+
+The default config here says to listen on the loopback IP port 8080, enable password authorization
+and no TLS. Any flags passed to `code-server` will take priority over the config file.
+
+The `--config` flag or `$CODE_SERVER_CONFIG` can be used to change the config file's location.
+
 ## Enterprise
 
 Visit [our enterprise page](https://coder.com) for more information about our
diff --git a/doc/guide.md b/doc/guide.md
index 2cc0363054a7620a78d1848bd9b9be3499bb3aa4..e14c2e667cd31139b70d529fba54fe158e865b71 100644
--- a/doc/guide.md
+++ b/doc/guide.md
@@ -218,7 +218,8 @@ Visit `https://<your-instance-ip>` to access code-server.
 You'll get a warning when accessing but if you click through you should be good.
 
 You can also use [mkcert](https://mkcert.dev) to create a self signed certificate trusted by your
-OS to avoid the warnings.
+OS to avoid the warnings and then pass it to code-server via the `cert` and `cert-key` config
+fields.
 
 ### Change the password?
 
diff --git a/src/node/cli.ts b/src/node/cli.ts
index 51dc14d0957d6b3739b1ac99deac6fa59dc11ea3..de18f61e109bf5e9ea85b2a74a9310f09a11cbb8 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -338,7 +338,7 @@ export async function readConfigFile(configPath?: string): Promise<Args> {
     logger.info(`Wrote default config file to ${humanPath(configPath)}`)
   }
 
-  logger.info(`Using config file from ${humanPath(configPath)}`)
+  logger.info(`Using config file ${humanPath(configPath)}`)
 
   const configFile = await fs.readFile(configPath)
   const config = yaml.safeLoad(configFile.toString(), {
diff --git a/src/node/entry.ts b/src/node/entry.ts
index d493b1313f976c6b60acf01a176f57951ee811e2..9ede47f52559bde24b08c67a7f98bb76e6a37c52 100644
--- a/src/node/entry.ts
+++ b/src/node/entry.ts
@@ -43,8 +43,9 @@ const main = async (cliArgs: Args): Promise<void> => {
     }
   }
 
-  logger.trace(`Using extensions-dir at ${humanPath(args["extensions-dir"])}`)
-  logger.trace(`Using user-data-dir at ${humanPath(args["user-data-dir"])}`)
+  logger.info(`Using user-data-dir ${humanPath(args["user-data-dir"])}`)
+
+  logger.trace(`Using extensions-dir ${humanPath(args["extensions-dir"])}`)
 
   const envPassword = !!process.env.PASSWORD
   const password = args.auth === AuthType.Password && (process.env.PASSWORD || args.password)