diff --git a/internal/web/actions/default/servers/create.go b/internal/web/actions/default/servers/create.go
index 7d39cf38..b465aab0 100644
--- a/internal/web/actions/default/servers/create.go
+++ b/internal/web/actions/default/servers/create.go
@@ -159,15 +159,30 @@ func (this *CreateAction) RunPost(params struct {
 	reverseProxyRefJSON := []byte{}
 	switch params.ServerType {
 	case serverconfigs.ServerTypeHTTPProxy, serverconfigs.ServerTypeTCPProxy:
-		origins := []*serverconfigs.OriginConfig{}
-		err := json.Unmarshal([]byte(params.Origins), &origins)
+		originConfigs := []*serverconfigs.OriginConfig{}
+		err := json.Unmarshal([]byte(params.Origins), &originConfigs)
 		if err != nil {
 			this.Fail("源站地址解析失败：" + err.Error())
 		}
 
+		originRefs := []*serverconfigs.OriginRef{}
+		for _, originConfig := range originConfigs {
+			if originConfig.Id > 0 {
+				originRefs = append(originRefs, &serverconfigs.OriginRef{
+					IsOn:     true,
+					OriginId: originConfig.Id,
+				})
+			}
+		}
+		originRefsJSON, err := json.Marshal(originRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
 		resp, err := this.RPC().ReverseProxyRPC().CreateReverseProxy(this.AdminContext(), &pb.CreateReverseProxyRequest{
 			SchedulingJSON:     nil,
-			PrimaryOriginsJSON: []byte(params.Origins),
+			PrimaryOriginsJSON: originRefsJSON,
 			BackupOriginsJSON:  nil,
 		})
 		if err != nil {
diff --git a/internal/web/actions/default/servers/server/settings/tls/index.go b/internal/web/actions/default/servers/server/settings/tls/index.go
index 66b8e5ce..8804f4ec 100644
--- a/internal/web/actions/default/servers/server/settings/tls/index.go
+++ b/internal/web/actions/default/servers/server/settings/tls/index.go
@@ -2,11 +2,15 @@ package tls
 
 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )
 
 // TLS设置
@@ -36,8 +40,31 @@ func (this *IndexAction) RunGet(params struct {
 		tlsConfig.IsOn = true
 	}
 
+	// SSL配置
+	var sslPolicy *sslconfigs.SSLPolicy
+	if tlsConfig.SSLPolicyRef != nil && tlsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{SslPolicyId: tlsConfig.SSLPolicyRef.SSLPolicyId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		sslPolicyConfigJSON := sslPolicyConfigResp.SslPolicyJSON
+		if len(sslPolicyConfigJSON) > 0 {
+			sslPolicy = &sslconfigs.SSLPolicy{}
+			err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	this.Data["serverType"] = server.Type
-	this.Data["tlsConfig"] = tlsConfig
+	this.Data["tlsConfig"] = maps.Map{
+		"isOn":      tlsConfig.IsOn,
+		"listen":    tlsConfig.Listen,
+		"sslPolicy": sslPolicy,
+	}
 
 	this.Show()
 }
@@ -47,6 +74,8 @@ func (this *IndexAction) RunPost(params struct {
 	ServerType string
 	Addresses  string
 
+	SslPolicyJSON []byte
+
 	Must *actions.Must
 }) {
 	server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
@@ -60,6 +89,71 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("端口地址解析失败：" + err.Error())
 	}
 
+	// 校验SSL
+	var sslPolicyId = int64(0)
+	if params.SslPolicyJSON != nil {
+		sslPolicy := &sslconfigs.SSLPolicy{}
+		err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
+		if err != nil {
+			this.ErrorPage(errors.New("解析SSL配置时发生了错误：" + err.Error()))
+			return
+		}
+
+		sslPolicyId = sslPolicy.Id
+
+		certsJSON, err := json.Marshal(sslPolicy.CertRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		hstsJSON, err := json.Marshal(sslPolicy.HSTS)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		if sslPolicyId > 0 {
+			_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
+				SslPolicyId:       sslPolicyId,
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		} else {
+			resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			sslPolicyId = resp.SslPolicyId
+		}
+	}
+
 	tlsConfig := &serverconfigs.TLSProtocolConfig{}
 	if len(server.TlsJSON) > 0 {
 		err := json.Unmarshal(server.TlsJSON, tlsConfig)
@@ -71,6 +165,11 @@ func (this *IndexAction) RunPost(params struct {
 	}
 	tlsConfig.Listen = addresses
 
+	tlsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
+		IsOn:        true,
+		SSLPolicyId: sslPolicyId,
+	}
+
 	configData, err := json.Marshal(tlsConfig)
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/web/public/js/components/server/ssl-config-box.js b/web/public/js/components/server/ssl-config-box.js
index 92c7988b..b3b21aa7 100644
--- a/web/public/js/components/server/ssl-config-box.js
+++ b/web/public/js/components/server/ssl-config-box.js
@@ -315,7 +315,7 @@ Vue.component("ssl-config-box", {
 	<input type="hidden" name="sslPolicyJSON" :value="JSON.stringify(policy)"/>
 	<table class="ui table definition selectable">
 		<tbody>
-			<tr>
+			<tr v-show="vProtocol == 'https'">
 				<td class="title">用HTTP/2</td>
 				<td>
 					<div class="ui checkbox">
@@ -325,7 +325,7 @@ Vue.component("ssl-config-box", {
 				</td>
 			</tr>
 			<tr>
-				<td>选择证书</td>
+				<td class="title">选择证书</td>
 				<td>
 					<div v-if="policy.certs != null && policy.certs.length > 0">
 						<div class="ui label small" v-for="(cert, index) in policy.certs">
diff --git a/web/views/@default/servers/server/settings/tls/index.html b/web/views/@default/servers/server/settings/tls/index.html
index 5adec117..ec0ec7d0 100644
--- a/web/views/@default/servers/server/settings/tls/index.html
+++ b/web/views/@default/servers/server/settings/tls/index.html
@@ -1,7 +1,11 @@
 {$layout}
-
 {$template "/left_menu"}
 
+{$var "header"}
+<script src="/servers/components/ssl/datajs" type="text/javascript"></script>
+<script src="/js/sortable.min.js" type="text/javascript"></script>
+{$end}
+
 <div class="right-box">
 	<form class="ui form" data-tea-action="$" data-tea-success="success">
 		<input type="hidden" name="serverId" :value="serverId"/>
@@ -14,6 +18,10 @@
 				</td>
 			</tr>
 		</table>
+
+		<!-- SSL配置 -->
+		<ssl-config-box :v-ssl-policy="tlsConfig.sslPolicy" :v-protocol="'tls'" v-show="tlsConfig.isOn"></ssl-config-box>
+
 		<submit-btn></submit-btn>
 	</form>
 </div>
\ No newline at end of file