diff --git a/conf/alchemy/ai.conf b/conf/alchemy/ai.conf
new file mode 100644
index 0000000..24efd2f
--- /dev/null
+++ b/conf/alchemy/ai.conf
@@ -0,0 +1,51 @@
+server {
+#     https://serverfault.com/questions/798734/use-variable-for-server-name-in-nginx#
+#     server_name $servername;
+    server_name "ai.alchemy-studio.cn";
+    listen 443 ssl;
+#    listen 80;
+    client_max_body_size 10M;
+
+    # disable in local test env
+     ssl_certificate /etc/letsencrypt/live/alchemy-studio.cn/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/alchemy-studio.cn/privkey.pem; # managed by Certbot
+
+    location / {
+        try_files $uri $uri/ /index.html;
+        proxy_set_header  Host "ai.alchemy-studio.cn";
+        proxy_set_header  X-Real-IP $remote_addr;
+        # disable in local test env
+        proxy_set_header  X-Forwarded-Proto https;
+        proxy_set_header  X-Forwarded-For $remote_addr;
+        proxy_set_header  X-Forwarded-Host $remote_addr;
+    }
+
+    location /api/v1/index {
+
+       return 200 "Ai api index";
+    }
+        add_header Access-Control-Allow-Origin $http_origin always;
+    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+    add_header Access-Control-Allow-Credentials true always;
+    add_header Access-Control-Max-Age 86400 always;
+    if ($request_method = 'OPTIONS') {
+        return 200;
+    }
+
+    location /api/v1/ai/ {
+        add_header Access-Control-Allow-Origin $http_origin always;
+        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
+        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
+        add_header Access-Control-Allow-Credentials true always;
+        add_header Access-Control-Max-Age 86400 always;
+        if ($request_method = 'OPTIONS') {
+            return 200;
+        }
+
+        auth_basic "ai_api access auth";
+        auth_basic_user_file /usr/local/openresty/nginx/conf.d/.htpasswd;
+
+        proxy_pass http://127.0.0.1:5000/;
+    }
+}