diff --git a/.docker/openresty/entrypoint.sh b/.docker/openresty/entrypoint.sh
index 1504f017..7fb4bd1f 100644
--- a/.docker/openresty/entrypoint.sh
+++ b/.docker/openresty/entrypoint.sh
@@ -42,6 +42,9 @@ echo_info "NP_DOMAIN: $NP_DOMAIN"
 # 检查证书是否存在
 if [ -f "$CERT_DIR/$FULLCHAIN" ] && [ -f "$CERT_DIR/$PRIVATE_KEY" ]; then
     echo_info "ssl certs already exists at: ${CERT_DIR}"
+    chmod 644 "$CERT_DIR/$FULLCHAIN"
+    chmod 644 "$CERT_DIR/$PRIVATE_KEY"
+    ls -l "$CERT_DIR"
 else
     echo_info "no ssl certs at: ${CERT_DIR}"
     USE_HTTPS="0"
diff --git a/.docker/openresty/sites/app.conf.template b/.docker/openresty/sites/app.conf.template
index 800c01e1..a2b4a4d5 100644
--- a/.docker/openresty/sites/app.conf.template
+++ b/.docker/openresty/sites/app.conf.template
@@ -7,7 +7,7 @@ server {
     index index.php index.html;
 
     ssl_certificate     /certs/fullchain.pem;
-    ssl_certificate_key /certs/private.pem;
+    ssl_certificate_key /certs/private.key;
 
     location = /favicon.ico {
         log_not_found off;
diff --git a/.docker/openresty/sites/phpmyadmin.conf.template b/.docker/openresty/sites/phpmyadmin.conf.template
index 152c73ee..211a90af 100644
--- a/.docker/openresty/sites/phpmyadmin.conf.template
+++ b/.docker/openresty/sites/phpmyadmin.conf.template
@@ -4,7 +4,7 @@ server {
     server_name ${PHPMYADMIN_SERVER_NAME};
 
     ssl_certificate     /certs/fullchain.pem;
-    ssl_certificate_key /certs/private.pem;
+    ssl_certificate_key /certs/private.key;
 
     location / {
         proxy_pass http://phpmyadmin:80;
diff --git a/docker-compose.yml b/docker-compose.yml
index a75608be..2c17c2dc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -73,7 +73,7 @@ services:
       - phpmyadmin
     command: ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
     ports:
-      - "${NP_PORT:-80}:80"
+      - "${NP_PORT:-80}:${NP_PORT:-80}"
     logging:
       driver: "json-file"
       options: