diff --git a/docker-compose-full.yml b/docker-compose-full.yml
index 35af83d..885efc4 100644
--- a/docker-compose-full.yml
+++ b/docker-compose-full.yml
@@ -32,7 +32,7 @@ services:
     container_name: email-nginx
     restart: always
     ports:
-      - "7614:80"       # HTTP
+      - "80:80"       # HTTP
       - "443:443"     # HTTPS (需要SSL证书)
       - "25:25"       # SMTP 端口，转发给后端
     volumes:
@@ -40,8 +40,8 @@ services:
       - ./frontend/dist:/usr/share/nginx/html
       # 挂载 Nginx 配置文件
       - ./nginx.full.conf:/etc/nginx/nginx.conf:ro
-      # (可选) 挂载 SSL 证书
-      # - ./certs:/etc/nginx/certs:ro
+      # 挂载 SSL 证书
+      - ./certs:/etc/nginx/certs:ro
     depends_on:
       - backend
       - mysql
diff --git a/nginx.full.conf b/nginx.full.conf
index 08a5f20..fe8f4e6 100644
--- a/nginx.full.conf
+++ b/nginx.full.conf
@@ -1,30 +1,69 @@
-events {}
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
 
 http {
-    server {
-        listen 7614;
+    charset utf-8;
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # 启用 SSL 协议，建议加上 TLSv1.3
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    # HTTP 80 端口，重定向到 HTTPS
+    server {
+        listen 80;
+        server_name mail.shenjianl.cn;  # 改为你自己的域名
+
+        # 统一重定向到 HTTPS
+        return 301 https://$host$request_uri;
+    }
+
+    # HTTPS 443 端口主服务
+    server {
+        listen 443 ssl;
+        server_name mail.shenjianl.cn;  # 改为你自己的域名
+
+        ssl_certificate /etc/nginx/certs/mail.shenjianl.cn_bundle.pem; # 改为你自己的证书文件
+        ssl_certificate_key /etc/nginx/certs/mail.shenjianl.cn.key;    # 改为你自己的密钥文件
+
+        root /usr/share/nginx/html;
+        index index.html;
 
-        # 前端静态文件
         location / {
-            root /usr/share/nginx/html;
-            index index.html;
             try_files $uri $uri/ /index.html;
         }
 
-        # 后端 API 转发
+        # 反向代理 /api 到后端服务
         location /api {
-            proxy_pass http://backend:5182;
+            proxy_pass http://email-backend:5182;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
         }
-    }
-}
 
-stream {
-    server {
-        listen 25;
-        proxy_pass backend:25;
+        # WebSocket 支持
+        location /ws {
+            proxy_pass http://email-backend:5182;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # 设置更长的超时时间以保持 WebSocket 连接
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
+        }
     }
 }