diff --git a/dbSer/couchdb/etc/caddy/proxy.conf b/dbSer/couchdb/etc/caddy/proxy.conf index 6dbb276..150240f 100644 --- a/dbSer/couchdb/etc/caddy/proxy.conf +++ b/dbSer/couchdb/etc/caddy/proxy.conf @@ -1,25 +1,28 @@ yourdomain.com { # 自动申请 TLS 证书 tls your_email@example.com - # CouchDB 路径路由 - handle_path /couchdb/* { - # 重写路径 (去掉 /couchdb 前缀) - rewrite * /{path.trim_prefix('/couchdb')} - # 反向代理到本地 CouchDB - reverse_proxy http://localhost:5984 { - # 关键头部设置 - header_up Host {http.reverse_proxy.upstream.hostport} - header_up X-Forwarded-For {client_host} - header_up X-Forwarded-Proto https - - # 可选:调整超时设置 - transport http { - keepalive 300s + + handle /couchdb/* { + @couch path /couchdb + redir @couch /couchdb/ permanent + handle_path /couchdb/* { + rewrite * /{path.trim_prefix('/couchdb')} + reverse_proxy http://10.0.0.2:5984 { + header_up Host {http.reverse_proxy.upstream.hostport} + header_up X-Forwarded-Prefix /couchdb + header_up Connection "upgrade" } } } - # 可选:非/couchdb路径的默认响应 + # 禁止直接访问根路径 handle { - respond "CouchDB available at /couchdb/" 404 + respond "Access via /couchdb/" 403 } -} \ No newline at end of file +} + +## 使用专用子域名 简单 +# couchdb.yourdomain.com { # 使用专用子域名 +# reverse_proxy http://localhost:5984 { +# header_up Host {http.reverse_proxy.upstream.hostport} +# } +# } \ No newline at end of file diff --git a/dbSer/couchdb/etc/couchdb/local.d/local.ini b/dbSer/couchdb/etc/couchdb/local.d/local.ini index 7a392b6..ddb6acb 100644 --- a/dbSer/couchdb/etc/couchdb/local.d/local.ini +++ b/dbSer/couchdb/etc/couchdb/local.d/local.ini @@ -7,6 +7,9 @@ single_node=true # 最大文档大小(字节) max_document_size = 50000000 +[daemons] +httpd = {chttpd, start_link, [http]} + [chttpd] # 要求有效用户认证 require_valid_user = true 
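Review bot: The upstream in `reverse_proxy` moves from `http://localhost:5984` to `http://10.0.0.2:5984`, so Basic credentials and session cookies now cross a network hop in clear text, and CouchDB has to listen on a non-loopback address. A comment should state that port 5984 must be firewalled to the proxy host only, since anyone who reaches it directly bypasses the TLS and path restrictions defined here. The `@couch path /couchdb` redirect also looks unreachable: it sits inside `handle /couchdb/*`, which does not match the bare `/couchdb`, so that request falls through to the 403. Placing `redir /couchdb /couchdb/ permanent` at site level would make it effective. `handle_path` already strips the prefix, so the inner `rewrite` is redundant, and reverse_proxy should not need `header_up Connection "upgrade"` forced onto every request.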
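Review bot: The new `[daemons]` entry `httpd = {chttpd, start_link, [http]}` has no comment saying which CouchDB version it targets or why it is needed. As far as I know, recent releases start chttpd from their own supervisor and no longer read `[daemons]`, in which case the line does nothing. On an older release that does read it, it may try to start a second listener on the port chttpd already holds. Confirm against the deployed version, then either drop the section or add a comment such as `# required on CouchDB <VERSION> because …`.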
@@ -20,15 +23,22 @@ require_valid_user = true authentication_redirect = /_utils/session.html [httpd] -secure_rewrites = true +enable_cors = true # 开启跨域支持 +secure_rewrites = true # 强制安全重写 +authentication_handlers = {chttpd_auth, cookie_authentication_handler, default_authentication_handler} # 基本认证领域 -WWW-Authenticate = Basic realm="couchdb" -# 启用 CORS -enable_cors = true +WWW-Authenticate = Basic realm="Protected CouchDB" + +# 禁止访问 Fauxton 特定路径 +blacklist = "_utils,_session,_active_tasks" +# 可选:关闭管理功能 +enable_couch_manager = false +couch_peruser = false [cors] # 允许的源(用逗号分隔) origins = app://obsidian.md,capacitor://localhost,http://localhost +# origins = * # 允许发送认证信息 credentials = true # 允许的请求头
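Review bot: The keys added under `[httpd]` to lock down the admin surface (`blacklist`, `enable_couch_manager`, `couch_peruser`) do not look like options CouchDB reads in this section; the per-user feature, for one, is configured under `[couch_peruser]`. If so, `/_utils` and `/_active_tasks` stay reachable through the proxy even though the comment says they are forbidden. If hiding Fauxton is the goal, enforce it somewhere testable, such as a 403 rule for those paths in the Caddy site block, keeping in mind that the cookie handler needs `_session` and that `authentication_redirect` in this hunk still points into `/_utils`. Separately, the trailing `# …` comments on `enable_cors` and `secure_rewrites` are probably parsed as part of the value, because CouchDB documents `;` as its comment marker; that would leave `enable_cors` unequal to `true`, so each comment belongs on its own line. The commented `# origins = *` should also carry a warning not to enable it together with `credentials = true`.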