diff --git a/files/192.238.204.39/Caddyfile b/files/192.238.204.39/Caddyfile
index d360a63..8b270e0 100644
--- a/files/192.238.204.39/Caddyfile
+++ b/files/192.238.204.39/Caddyfile
@@ -47,7 +47,20 @@
 		Permissions-Policy "camera=(), microphone=(), geolocation=()"
 
 		# Content-Security-Policy (CSP) - 通用起点
-		Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+		#Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;"
+		
+		# 允许本域 + 两个远程音频/视频域
+		Content-Security-Policy "
+      			default-src 'self';
+      			style-src 'self' 'unsafe-inline';
+      			script-src 'self' 'unsafe-inline';
+      			img-src 'self' https://bandu-resources.songy.info data:;
+      			media-src 'self' https://bandu-resources.songy.info https://pili-vod.songy.info;
+      			object-src 'none';
+      			frame-ancestors 'none';
+      			upgrade-insecure-requests;
+    		"
+		
 
 		# 移除 Server 标识
 		-Server
@@ -67,6 +80,12 @@
 	import securityHeaders
 }
 
+xuesheng.10000h.de {
+        root * /srv/xuesheng.10000h.de
+        file_server
+        import securityHeaders
+}
+
 daed.10000h.de {
 	reverse_proxy http://127.0.0.1:2023
 	import securityHeaders
@@ -143,6 +162,22 @@ kubepi.10000h.de {
 	import securityHeaders
 }
 
+nextcloud.10000h.de {
+    reverse_proxy 127.0.0.1:8082 {
+        header_up Host {host}
+        header_up X-Forwarded-Host {host}
+        header_up X-Forwarded-Proto {scheme}
+    }
+}
+
+openclaw.10000h.de {
+    @nctalk path /channels/nextcloud-talk/webhook
+    reverse_proxy @nctalk 127.0.0.1:8788
+
+    @webui not path /channels/nextcloud-talk/webhook
+    reverse_proxy @webui 127.0.0.1:18789
+}
+
 # ------------------------------
 # k3s Services
 # ------------------------------