diff --git a/playbooks/openresty.yml b/playbooks/openresty.yml index f6164a2..ca4571f 100644 --- a/playbooks/openresty.yml +++ b/playbooks/openresty.yml @@ -1,15 +1,33 @@ -- hosts: all +--- +- name: setup OpenResty server + hosts: icp-aliyun become: true vars: - # Use the inventory hostname for delegation so Ansible - # applies the correct connection variables - ops_host: "k8s-1" - masters: - - "k8s-1" - nodes: - - "k8s-2" - - "k8s-3" + domain: + - name: cn-homepage.svc.plus + ssl_certificate: /etc/ssl/svc.plus.pem + ssl_certificate_key: /etc/ssl/svc.plus.rsa.key + - name: cn-artifact.svc.plus + ssl_certificate: /etc/ssl/svc.plus.pem + ssl_certificate_key: /etc/ssl/svc.plus.rsa.key roles: - roles/vhosts/common/ - roles/vhosts/ssh-trust/ - roles/vhosts/OpenResty/ +--- +- name: setup OpenResty server + hosts: global-hub + become: true + vars: + domain: + - name: global-homepage.svc.plus + ssl_certificate: /etc/ssl/svc.plus.pem + ssl_certificate_key: /etc/ssl/svc.plus.rsa.key + - name: global-artifact.svc.plus + ssl_certificate: /etc/ssl/svc.plus.pem + ssl_certificate_key: /etc/ssl/svc.plus.rsa.key + roles: + - roles/vhosts/common/ + - roles/vhosts/ssh-trust/ + - roles/vhosts/OpenResty/ + diff --git a/playbooks/roles/vhosts/OpenResty/tasks/main.yml b/playbooks/roles/vhosts/OpenResty/tasks/main.yml index 5dfd48f..fe46386 100644 --- a/playbooks/roles/vhosts/OpenResty/tasks/main.yml +++ b/playbooks/roles/vhosts/OpenResty/tasks/main.yml @@ -39,7 +39,7 @@ - name: Verify OpenResty core API shell: | - curl -fsS -X POST http://127.0.0.1:8080/api/askai \ + curl -fsS -X POST http://127.0.0.1/api/askai \ -H "Content-Type: application/json" \ -d '{"question":"你好"}' register: openresty_verify diff --git a/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 b/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 index a81f972..ebeaa4a 100644 --- a/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 +++ b/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 
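Review bot: In `playbooks/openresty.yml` the added `---` in front of the `global-hub` play splits the file into two YAML documents; ansible-playbook expects a single document per playbook file and normally rejects a second one, so the second play is unlikely to run. Drop that `+---` and keep both plays as items of the same top-level list. Both host groups also reference the same `/etc/ssl/svc.plus.rsa.key`, so one private key sits on every front-end host and a compromise of either group exposes all four names; a certificate per group would limit that. Nothing in this diff shows how the key file is deployed, so its owner and mode (root, `0600`) should be confirmed in the role.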
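Review bot: In `roles/vhosts/OpenResty/tasks/main.yml` the `Verify OpenResty core API` check now requests `http://127.0.0.1/api/askai`, which exercises only the plain-HTTP listener and whichever server block nginx picks as default for an unmatched Host, so the new 443 listener and the certificate and key paths are never tested. Consider verifying each configured name over TLS, for example `curl -fsS --resolve {{ item.name }}:443:127.0.0.1 -X POST https://{{ item.name }}/api/askai \` together with `loop: "{{ domain }}"`. The task continues past the end of the hunk, so whether `changed_when: false` is already set on this read-only check cannot be seen here.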
@@ -4,9 +4,13 @@ events { worker_connections 1024; } http { lua_shared_dict limit_cache 10m; +{% for site in domain %} server { listen 80; - server_name localhost; + listen 443 ssl; + server_name {{ site.name }}; + ssl_certificate {{ site.ssl_certificate }}; + ssl_certificate_key {{ site.ssl_certificate_key }}; location /api/askai { access_by_lua_block { @@ -53,4 +57,6 @@ http { proxy_pass http://127.0.0.1:5000; } } +{% endfor %} } +
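Review bot: Each generated server block in `nginx.conf.j2` keeps `listen 80;` next to the new `listen 443 ssl;`, so `/api/askai` is still served in plaintext on the public names and nothing steers clients to HTTPS. Splitting each site into a port-80 block that only redirects and a 443 block that carries the locations would close that gap; the redirect target should be the templated name rather than `$host`, so an unmatched Host header cannot choose the destination. No `ssl_protocols` directive is visible in the hunk, so unless it is set elsewhere the accepted TLS versions fall back to the build's defaults and are worth pinning. The server body between the two hunks is not shown, and the verify task in `tasks/main.yml` would need to follow the redirect or target HTTPS once port 80 stops serving the API.

```nginx
{% for site in domain %}
    server {
        listen 80;
        server_name {{ site.name }};
        return 301 https://{{ site.name }}$request_uri;
    }

    server {
        listen 443 ssl;
        server_name {{ site.name }};
        ssl_certificate {{ site.ssl_certificate }};
        ssl_certificate_key {{ site.ssl_certificate_key }};
        ssl_protocols TLSv1.2 TLSv1.3;
        # … unchanged: location /api/askai, access_by_lua_block, proxy_pass …
```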