diff --git a/frontend/src/api/http.ts b/frontend/src/api/http.ts
index fac5a41..7a28b8a 100644
--- a/frontend/src/api/http.ts
+++ b/frontend/src/api/http.ts
@@ -3,7 +3,8 @@ import axios from 'axios';
 const TOKEN_KEY = 'auth_token';
 
 const http = axios.create({
-  baseURL: import.meta.env.VITE_API_BASE_URL || 'http://localhost:33001',
+  // 🔥 核心修改
+  baseURL: '',
   timeout: 15000,
 });
 
@@ -25,7 +26,6 @@ http.interceptors.response.use(
   (error) => {
     const status = error?.response?.status;
     if (status === 401 || status === 403) {
-      // Clear stored credentials and redirect to login
       localStorage.removeItem(TOKEN_KEY);
       localStorage.removeItem('auth_user');
       window.location.href = '/login';
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index ef54029..c088984 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -4,6 +4,7 @@ import react from '@vitejs/plugin-react';
 export default defineConfig({
   plugins: [react()],
   server: {
+    host: true,
     port: 3000,
     host: '0.0.0.0', // 监听所有网络接口
     proxy: {
@@ -17,5 +18,15 @@ export default defineConfig({
       clientPort: 80, // nginx监听80端口，外部代理将HTTPS 443转发到80
       protocol: 'ws', // WebSocket协议，nginx代理WebSocket
     },
+
+    allowedHosts: 'all',
+
+    hmr: {
+      host: 'performance-appraisal.excn.top',
+      protocol: 'wss',
+      clientPort: 443
+    },
+
+    // ❌ 直接删掉 proxy（推荐）
   },
 });
diff --git a/nginx.conf b/nginx.conf
index c423b39..c11ff61 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,94 +1,34 @@
-# Nginx configuration for performance appraisal system
-# This file will be mounted into nginx container
+server {
+    listen 80;
+    server_name performance-appraisal.excn.top;
 
-events {
-    worker_connections 1024;
+    if ($http_x_forwarded_proto = "http") {
+        return 301 https://$server_name$request_uri;
+    }
+
+    # 🔥 API（必须放前面 + ^~）
+    location ^~ /api/ {
+
+        rewrite ^/api/api/(.*)$ /api/$1 break;
+
+        proxy_pass http://backend:3001/;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+
+        add_header X-Debug-API "hit-api";
+    }
+
+    # 前端
+    location / {
+        proxy_pass http://frontend:3000;
+
+        proxy_set_header Host $host;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
 }
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    # Logging
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-    access_log  /var/log/nginx/access.log main;
-    error_log   /var/log/nginx/error.log warn;
-
-    # Gzip compression
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 1024;
-    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
-
-    # Real IP configuration for proxy (ESA HTTPS proxy)
-    real_ip_header X-Forwarded-For;
-    set_real_ip_from 0.0.0.0/0;  # Trust all proxies (adjust if you know ESA proxy IPs)
-
-    # Server block for domain
-    server {
-        listen 80;
-        server_name performance-appraisal.excn.top;
-
-        # Redirect to HTTPS if request came via HTTP (not from ESA proxy)
-        if ($http_x_forwarded_proto = "http") {
-            return 301 https://$server_name$request_uri;
-        }
-
-        # Frontend React development server (via Docker network)
-        location / {
-            proxy_pass http://frontend:3000;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
-
-            # WebSocket support for hot reload (development)
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-        }
-
-        # Backend API reverse proxy
-        location /api/ {
-            proxy_pass http://backend:3001/;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
-
-            # Increase timeout for long-running AI requests
-            proxy_read_timeout 120s;
-            proxy_connect_timeout 15s;
-            proxy_send_timeout 15s;
-        }
-
-        # Static assets (if any)
-        location /assets/ {
-            proxy_pass http://frontend:3000/assets/;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
-
-            # Cache static assets
-            expires 30d;
-            add_header Cache-Control "public, immutable";
-        }
-
-        # Health check endpoint
-        location /health {
-            access_log off;
-            return 200 "healthy\n";
-            add_header Content-Type text/plain;
-        }
-    }
-
-    # Optional: Redirect www to non-www
-    server {
-        listen 80;
-        server_name www.performance-appraisal.excn.top;
-        return 301 https://performance-appraisal.excn.top$request_uri;
-    }
-}
\ No newline at end of file