diff --git a/docs/docs/guides/reverse_proxy.md b/docs/docs/guides/reverse_proxy.md
new file mode 100644
index 000000000..33700708b
--- /dev/null
+++ b/docs/docs/guides/reverse_proxy.md
@@ -0,0 +1,66 @@
+---
+id: reverse_proxy
+title: Setting up a Reverse Proxy
+---
+This guide outlines the configuration steps needed to expose your Frigate UI to the internet in a secure manner.
+A common way of accomplishing this is to use a reverse proxy webserver between your router and your Frigate instance.
+
+A reverse proxy accepts HTTP requests the public internet and redirects them transparently to an internal webserver on your network.
+The suggested steps are:
+- **Configure** a 'proxy' HTTP webserver (such as [Apache2](https://httpd.apache.org/docs/current/)) and only expose ports 80/443 from this webserver to the internet
+- **Secure** the proxy by installing SSL (such as with [Let's Encrypt](https://letsencrypt.org/)). Note that SSL is then not necessary on your Frigate webserver as the proxy wraps all requests for you
+- **Restrict** access to your Frigate instance at the proxy using, for example, password authentication
+## Apache2 Reverse Proxy
+
+In the configuration examples below, only the directives relevant to the reverse proxy approach above are included.
+On Debian Apache2 the configuration file will be named along the lines of `/etc/apache2/sites-available/cctv.conf`
+### Step 1: Configure the Apache2 Reverse Proxy
+Make life easier for yourself by presenting your Frigate interface as a DNS sub-domain rather than as a sub-folder of your main domain.
+Here we access Frigate via https://cctv.mydomain.co.uk
+```xml
+
+ ServerName cctv.mydomain.co.uk
+
+ ProxyPreserveHost On
+ ProxyPass "/" "http://frigatepi.local:5000/"
+ ProxyPassReverse "/" "http://frigatepi.local:5000/"
+
+ ProxyPass /ws ws://frigatepi.local:5000/ws
+ ProxyPassReverse /ws ws://frigatepi.local:5000/ws
+
+ ProxyPass /live/ ws://frigatepi.local:5000/live/
+ ProxyPassReverse /live/ ws://frigatepi.local:5000/live/
+
+ RewriteEngine on
+ RewriteCond %{HTTP:Upgrade} =websocket [NC]
+ RewriteRule /(.*) ws://frigatepi.local:5000/$1 [P,L]
+ RewriteCond %{HTTP:Upgrade} !=websocket [NC]
+ RewriteRule /(.*) http://frigatepi.local:5000/$1 [P,L]
+
+```
+### Step 2: Use SSL to encrypt access to your Frigate instance
+Whilst this won't, on its own, stop access to your Frigate webserver it will encrypt all content (such a login credentials).
+Installing SSL is beyond the scope of this document but [Let's Encrypt](https://letsencrypt.org/) is a widely used approach.
+
+This Apache2 configuration snippet then results in unencrypted requests being redirected to webserver SSL port
+```xml
+
+ ServerName cctv.mydomain.co.uk
+
+ RewriteEngine on
+ RewriteCond %{SERVER_NAME} =cctv.mydomain.co.uk
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+```
+### Step 3: Authenticate users at the proxy
+There are many ways to authenticate a website but a simple straightforward approach is to use [Apache2 password files](https://httpd.apache.org/docs/2.4/howto/auth.html).
+```xml
+
+
+ AuthType Basic
+ AuthName "Restricted Files"
+ AuthUserFile "/var/www/passwords"
+ Require user paul
+
+
+```
\ No newline at end of file
diff --git a/docs/sidebars.js b/docs/sidebars.js
index 51a157701..19465bb20 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -8,6 +8,7 @@ module.exports = {
"guides/false_positives",
"guides/ha_notifications",
"guides/stationary_objects",
+ "guides/reverse_proxy",
],
Configuration: [
"configuration/index",