diff --git a/backend/config.py b/backend/config.py
index e25ee8d..e4aeb22 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -9,5 +9,8 @@ SECRET_KEY = os.getenv("SECRET_KEY", "airlabs-project-secret-key-change-in-produ
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24  # 24 小时
 
+# CORS
+CORS_ORIGINS = os.getenv("CORS_ORIGINS", "*").split(",")
+
 # 成本计算
 WORKING_DAYS_PER_MONTH = 22
diff --git a/backend/main.py b/backend/main.py
index ffccbdc..58e34dd 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -13,10 +13,11 @@ Base.metadata.create_all(bind=engine)
 
 app = FastAPI(title="AirLabs Project", version="1.0.0")
 
-# CORS（开发阶段允许所有来源）
+# CORS
+from config import CORS_ORIGINS
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],
+    allow_origins=CORS_ORIGINS,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 38c85ae..9fd390c 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -4,4 +4,5 @@ sqlalchemy
 pydantic
 python-jose[cryptography]
 passlib[bcrypt]
+bcrypt==4.0.1
 python-multipart
diff --git a/frontend/.env.development b/frontend/.env.development
new file mode 100644
index 0000000..e3b0e79
--- /dev/null
+++ b/frontend/.env.development
@@ -0,0 +1 @@
+VITE_API_BASE_URL=http://localhost:8000/api
diff --git a/frontend/.env.production b/frontend/.env.production
new file mode 100644
index 0000000..6b2e961
--- /dev/null
+++ b/frontend/.env.production
@@ -0,0 +1 @@
+VITE_API_BASE_URL=https://airlabs-manage-api.airlabs.art/api
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 04c79ae..7907a6e 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -2,15 +2,6 @@ server {
     listen 80;
     server_name localhost;
 
-    # API 代理到后端服务（K8s 内部通信）
-    location /api {
-        proxy_pass http://airlabs-manage-backend:8000;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
     location / {
         root /usr/share/nginx/html;
         index index.html index.htm;
diff --git a/frontend/src/api/index.js b/frontend/src/api/index.js
index 7d7a6fd..9d489fb 100644
--- a/frontend/src/api/index.js
+++ b/frontend/src/api/index.js
@@ -3,7 +3,7 @@ import { ElMessage } from 'element-plus'
 import router from '../router'
 
 const api = axios.create({
-  baseURL: '/api',
+  baseURL: import.meta.env.VITE_API_BASE_URL || '/api',
   timeout: 30000,
 })
 
diff --git a/k8s/backend-deployment-prod.yaml b/k8s/backend-deployment-prod.yaml
index 244dea2..94c48ab 100644
--- a/k8s/backend-deployment-prod.yaml
+++ b/k8s/backend-deployment-prod.yaml
@@ -39,6 +39,9 @@ spec:
         # 生产环境 JWT 密钥（部署前请修改）
         - name: SECRET_KEY
           value: "Ui5-xEvtAhKRDtlXKzDfd7TElsVZFUhakff0qcjn8jU"
+        # CORS 允许的域名
+        - name: CORS_ORIGINS
+          value: "https://airlabs-manage-web.airlabs.art"
         volumeMounts:
         - name: sqlite-data
           mountPath: /app/data