diff --git a/internal/nodes/listener_base.go b/internal/nodes/listener_base.go
index 5046c05..312e229 100644
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -40,6 +40,10 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 return nil, err
 }
+ if tlsPolicy == nil {
+ return nil, nil
+ }
+
 tlsPolicy.CheckOCSP()
 return tlsPolicy.TLSConfig(), nil
@@ -62,7 +66,7 @@ func (this *BaseListener) buildTLSConfig() *tls.Config {
 // 根据域名匹配证书
 func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.Certificate, error) {
- group := this.Group
+ var group = this.Group
 if group == nil {
 return nil, nil, errors.New("no configure found")
diff --git a/internal/nodes/listener_http.go b/internal/nodes/listener_http.go
index a45cdf0..d092acd 100644
--- a/internal/nodes/listener_http.go
+++ b/internal/nodes/listener_http.go
@@ -139,10 +139,10 @@ func (this *HTTPListener) ServeHTTP(rawWriter http.ResponseWriter, rawReq *http.
 // TLS域名
 if this.isIP(reqHost) {
 if rawReq.TLS != nil {
- serverName := rawReq.TLS.ServerName
+ var serverName = rawReq.TLS.ServerName
 if len(serverName) > 0 {
 // 端口
- index := strings.LastIndex(reqHost, ":")
+ var index = strings.LastIndex(reqHost, ":")
 if index >= 0 {
 reqHost = serverName + reqHost[index:]
 } else {
@@ -154,7 +154,7 @@ func (this *HTTPListener) ServeHTTP(rawWriter http.ResponseWriter, rawReq *http.
 // 防止空Host
 if len(reqHost) == 0 {
- ctx := rawReq.Context()
+ var ctx = rawReq.Context()
 if ctx != nil {
 addr := ctx.Value(http.LocalAddrContextKey)
 if addr != nil {
@@ -176,6 +176,8 @@ func (this *HTTPListener) ServeHTTP(rawWriter http.ResponseWriter, rawReq *http.
 } else {
 serverName = domain
 }
+ } else if !server.CNameAsDomain && server.CNameDomain == domain {
+ server = this.emptyServer()
 }
 // 绑定连接
diff --git a/internal/nodes/listener_tcp.go b/internal/nodes/listener_tcp.go
index 14f28bc..47f7a70 100644
--- a/internal/nodes/listener_tcp.go
+++ b/internal/nodes/listener_tcp.go
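Review bot: In the `@@ -40` hunk of internal/nodes/listener_base.go, the new `return nil, nil` for a nil `tlsPolicy` reports success with neither a TLS config nor an error, and nothing in the hunk says what the caller does with that. The enclosing function starts outside the hunk; the two-value returns inside `buildTLSConfig` suggest a `GetConfigForClient`-style callback, and if so crypto/tls continues the handshake with the listener's original `tls.Config` when the returned config is nil. If that fallback is intended, document it with a comment such as `// no policy for this listener: fall back to the base tls.Config`. If a handshake without a policy should fail instead, return an error here, e.g. `return nil, errors.New("no tls policy found")`.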
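Review bot: In the `@@ -176` hunk of internal/nodes/listener_http.go, the added branch compares `server.CNameDomain == domain` byte for byte, so it only switches to `this.emptyServer()` when both strings are already in the same normalized form. Host names are case-insensitive and may carry a trailing dot; where `domain` is derived is outside the hunk, so if it is not lowercased and trimmed before this point, and the lookup that produced `server` is more lenient than this comparison, the restriction would not apply. Consider `} else if !server.CNameAsDomain && strings.EqualFold(server.CNameDomain, domain) {` (the file already uses `strings`), plus a one-line comment stating that direct requests to the CNAME are not served unless `CNameAsDomain` is set. The `if` that this `else` attaches to starts outside the hunk.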
@@ -248,7 +248,7 @@ func (this *TCPListener) connectOrigin(serverId int64, reverseProxy *serverconfi
 return
 }
 }
- err = errors.New("no origin server can be used")
+ err = errors.New("server '" + types.String(serverId) + "': no available origin server can be used")
 return
 }
diff --git a/internal/nodes/listener_udp.go b/internal/nodes/listener_udp.go
index 416fff5..f96fc93 100644
--- a/internal/nodes/listener_udp.go
+++ b/internal/nodes/listener_udp.go
@@ -171,7 +171,7 @@ func (this *UDPListener) connectOrigin(serverId int64, reverseProxy *serverconfi
 return
 }
 }
- err = errors.New("no origin server can be used")
+ err = errors.New("server '" + types.String(serverId) + "': no available origin server can be used")
 return
 }
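Review bot: In `connectOrigin` of internal/nodes/listener_tcp.go, the new error text is assembled by concatenation through `types.String`, and the identical line is added to the UDP listener's `connectOrigin` in the following hunk, so the two messages can drift and callers can only recognise the condition by string matching. A shared package-level sentinel wrapped with the id keeps the context and allows `errors.Is`: `err = fmt.Errorf("server '%d': %w", serverId, errNoAvailableOrigin)`, where `errNoAvailableOrigin` is an illustrative name declared once. Whether `fmt` is already imported is not visible here, and `connectOrigin` begins outside the hunk. If this error can reach a client-facing response rather than only the node log, check that exposing the internal server id is acceptable.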