diff --git a/base/aaa/user.go b/base/aaa/user.go
index 669f9770..2a6c4f21 100644
--- a/base/aaa/user.go
+++ b/base/aaa/user.go
@@ -23,6 +23,7 @@ const (
 	AVATAR     = "avatar"
 	GENDER     = "gender"
 	MOBILE     = "mobile"
+	PHONE      = "phone"
 	SECRET     = "secret"
 	THEME      = "theme"
 
diff --git a/base/web/serve.go b/base/web/serve.go
index b3586448..d6eb0c19 100644
--- a/base/web/serve.go
+++ b/base/web/serve.go
@@ -236,7 +236,7 @@ func init() {
 			}},
 			SERVE_START: {Hand: func(m *ice.Message, arg ...string) {
 				Count(m, m.ActionKey(), m.Option(tcp.PORT))
-				m.Cmd(SPIDE, mdb.CREATE, kit.Format("http://localhost:%s", m.Option(tcp.PORT)), ice.OPS, nfs.USR_ICONS_CONTEXTS, nfs.REPOS, "")
+				m.Cmd(SPIDE, mdb.CREATE, HostPort(m, "localhost", m.Option(tcp.PORT)), ice.OPS, nfs.USR_ICONS_CONTEXTS, nfs.REPOS, "")
 				m.Cmds(SPIDE).Table(func(value ice.Maps) {
 					kit.If(value[CLIENT_NAME] != ice.OPS && value[TOKEN] != "", func() {
 						m.Cmd(SPACE, tcp.DIAL, ice.DEV, value[CLIENT_NAME], TOKEN, value[TOKEN], mdb.TYPE, SERVER)
diff --git a/base/web/spide.go b/base/web/spide.go
index ee93839a..8f71c653 100644
--- a/base/web/spide.go
+++ b/base/web/spide.go
@@ -2,6 +2,7 @@ package web
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"io"
 	"io/ioutil"
@@ -183,7 +184,12 @@ func _spide_head(m *ice.Message, req *http.Request, head ice.Maps, value ice.Map
 	})
 }
 func _spide_send(m *ice.Message, name string, req *http.Request, timeout string) (*http.Response, error) {
-	client := mdb.HashSelectTarget(m, name, func() ice.Any { return &http.Client{Timeout: kit.Duration(timeout)} }).(*http.Client)
+	client := mdb.HashSelectTarget(m, name, func() ice.Any {
+		if name == ice.OPS {
+			return &http.Client{Timeout: kit.Duration(timeout), Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
+		}
+		return &http.Client{Timeout: kit.Duration(timeout)}
+	}).(*http.Client)
 	return client.Do(req)
 }
 func _spide_save(m *ice.Message, action, file, uri string, res *http.Response) {
diff --git a/misc/ssh/cert.go b/misc/ssh/cert.go
index 8862ecf0..e404be8c 100644
--- a/misc/ssh/cert.go
+++ b/misc/ssh/cert.go
@@ -39,9 +39,9 @@ func init() {
 	aaa.Index.MergeCommands(ice.Commands{
 		CERT: {Name: "cert path auto", Help: "证书", Actions: ice.MergeActions(ice.Actions{
 			mdb.CREATE: {Name: "create name* country province city street postal company year month=1 day", Hand: func(m *ice.Message, arg ...string) {
-				if nfs.Exists(m, filepath(m, m.Option(mdb.NAME)+nfs.PT+PEM)) {
-					m.Push(PEM, filepath(m, m.Option(mdb.NAME)+nfs.PT+PEM))
-					m.Push(KEY, filepath(m, m.Option(mdb.NAME)+nfs.PT+KEY))
+				if nfs.Exists(m, CertPath(m, m.Option(mdb.NAME)), func(p string) {
+					m.Push(PEM, p).Push(KEY, kit.ExtChange(p, KEY))
+				}) {
 					return
 				}
 				cert := &x509.Certificate{
@@ -123,8 +123,8 @@ func init() {
 		}},
 	})
 }
-func filepath(m *ice.Message, file string) string {
-	return path.Join(ETC_CERT + file)
+func CertPath(m *ice.Message, domain string) string {
+	return path.Join(ETC_CERT+domain) + nfs.PT + PEM
 }
 func loadBlock(m *ice.Message, p string) []byte {
 	block, _ := pem.Decode([]byte(m.Cmdx(nfs.CAT, p)))
diff --git a/misc/ssh/relay/relay.go b/misc/ssh/relay/relay.go
index 756dd289..da1c3031 100644
--- a/misc/ssh/relay/relay.go
+++ b/misc/ssh/relay/relay.go
@@ -265,6 +265,10 @@ func (s relay) Pushkey(m *ice.Message, arg ...string) {
 	}
 }
 func (s relay) Pushbin(m *ice.Message, arg ...string) {
+	if kit.HasPrefixList(arg, ctx.RUN) {
+		m.ProcessXterm("", nil, arg...)
+		return
+	}
 	bin := "ice"
 	switch strings.ToLower(m.Option(KERNEL)) {
 	case cli.LINUX:
@@ -285,14 +289,19 @@ func (s relay) Pushbin(m *ice.Message, arg ...string) {
 		m.Options(nfs.FROM, ice.USR_PUBLISH+bin, nfs.PATH, path.Base(kit.Path("")), nfs.FILE, ice.BIN_ICE_BIN)
 	})
 	m.Cmd(SSH_TRANS, tcp.SEND)
-	if m.Option(web.PORTAL) == tcp.PORT_443 {
+	if m.OptionDefault(web.PORTAL, tcp.PORT_9020) == tcp.PORT_443 {
+		for i := 0; i < 30; i++ {
+			if m.Exists(ssh.CertPath(m.Message, m.Option(tcp.HOST))) {
+				break
+			}
+			m.Sleep("5s")
+		}
 		msg := m.Cmd(ssh.CERT, mdb.CREATE, m.Option(tcp.HOST))
 		m.Cmd(SSH_TRANS, tcp.SEND, nfs.FROM, msg.Append(ssh.KEY), nfs.PATH, m.Option(web.DREAM), nfs.FILE, nfs.ETC_CERT_KEY)
 		m.Cmd(SSH_TRANS, tcp.SEND, nfs.FROM, msg.Append(ssh.PEM), nfs.PATH, m.Option(web.DREAM), nfs.FILE, nfs.ETC_CERT_PEM)
 	}
-	cmd := m.Template(PUSHBIN_SH) + lex.SP + kit.JoinCmds(ice.DEV, m.Option(ice.DEV), tcp.PORT, m.Option(web.PORTAL), tcp.NODENAME, m.OptionDefault(tcp.NODENAME, m.Option(MACHINE)))
+	cmd := "export ctx_dev=" + m.SpideOrigin(ice.DEV) + "; " + m.Template(PUSHBIN_SH) + lex.SP + kit.JoinCmds(ice.DEV, m.Option(ice.DEV), tcp.PORT, m.Option(web.PORTAL), tcp.NODENAME, m.OptionDefault(tcp.NODENAME, m.Option(MACHINE)))
 	s.shell(m, cmd, arg...)
-	m.OptionDefault(web.PORTAL, tcp.PORT_9020)
 	s.Modify(m, kit.Simple(m.OptionSimple(MACHINE, web.DREAM, web.PORTAL))...)
 }