diff --git a/Dockerfile b/Dockerfile
index c5da823..37984c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,8 @@ RUN set -ex \
     && rm -rf /var/cache/apk/* \
     && cp -r ./db ./db_bak
 
-ENV HOST=0.0.0.0
-ENV TZ=Asia/Shanghai
-ENV CSRF_TRUSTED_ORIGINS=""
+ENV HOST="0.0.0.0"
+ENV TZ="Asia/Shanghai"
 
 EXPOSE 21114/tcp
 EXPOSE 21114/udp
diff --git a/README.md b/README.md
index 531f538..dfa489b 100644
--- a/README.md
+++ b/README.md
@@ -89,9 +89,8 @@ docker run 命令：
 docker run -d \
   --name rustdesk-api-server \
   -p 21114:21114 \
-  -e HOST=0.0.0.0 \
-  -e TZ=Asia/Shanghai \
-  -e CSRF_TRUSTED_ORIGINS=http://yourdomain.com:21114 \ #修改CSRF_TRUSTED_ORIGINS为你的访问地址，SSL以https开头
+  -e CSRF_TRUSTED_ORIGINS=http://yourdomain.com:21114 \ #防跨域信任来源，可选
+  -e ID_SERVER=yourdomain.com \ #Web控制端使用的ID服务器
   -v /yourpath/db:/rustdesk-api-server/db \ #修改/yourpath/db为你宿主机数据库挂载目录
   -v /etc/timezone:/etc/timezone:ro \
   -v /etc/localtime:/etc/localtime:ro \
@@ -109,9 +108,8 @@ services:
     container_name: rustdesk-api-server
     image: ghcr.io/kingmo888/rustdesk-api-server:latest
     environment:
-      - HOST=0.0.0.0
-      - TZ=Asia/Shanghai
-      - CSRF_TRUSTED_ORIGINS=http://yourdomain.com:21114 #修改CSRF_TRUSTED_ORIGINS为你的访问地址，SSL以https开头
+      - CSRF_TRUSTED_ORIGINS=http://yourdomain.com:21114 #防跨域信任来源，可选
+      - ID_SERVER=yourdomain.com #Web控制端使用的ID服务器
     volumes:
       - /yourpath/db:/rustdesk-api-server/db #修改/yourpath/db为你宿主机数据库挂载目录
       - /etc/timezone:/etc/timezone:ro
@@ -121,6 +119,18 @@ services:
       - "21114:21114"
     restart: unless-stopped
 ```
+
+## 环境变量
+
+| 变量名 | 参考值 | 备注 |
+| ---- | ------- | ----------- |
+| `HOST` | 默认 `0.0.0.0` | 绑定服务的IP |
+| `TZ` | 默认 `Asia/Shanghai`，可选 | 时区 |
+| `SECRET_KEY` | 可选，自定义一串随机字符 | 程序加密秘钥 |
+| `CSRF_TRUSTED_ORIGINS` | 可选，默认关闭验证；<br>如需开启填写你的访问地址 `http://yourdomain.com:21114` <br>**如需关闭验证请删除此变量，而不是留空** | 防跨域信任来源 |
+| `ID_SERVER` | 可选，默认为和API服务器同主机。<br>可自定义如 `yourdomain.com` | Web控制端使用的ID服务器 |
+| `DEBUG` | 可选，默认 `False` | 调试模式 |
+
 ## 使用问题
 
 - 管理员设置
@@ -134,34 +144,36 @@ services:
 - 连接速度慢
 
   新版本Key模式链接速度慢，可以在服务端启动服务时，不要带参数的-k，此时，客户端也不能配置key。
-  
-- Web控制端启用
 
-  修改rustdesk_server_api/settings.py文件中ID_SERVER配置项，将ID服务器/中继服务器IP或域名填上。
+- Web控制端配置
+
+  - 设置ID_SERVER环境变量，或修改rustdesk_server_api/settings.py文件中ID_SERVER配置项，将ID服务器/中继服务器IP或域名填上。
 
 - Web控制端一直转圈
 
-  web控制端目前仅支持非SSL模式，若webui为https访问，请将s去掉，否则ws连不上一直转圈。如：https://domain.com/webui，改为http://domain.com/webui
-  
+  - 检查ID服务器填写是否正确
+
+  - Web控制端目前仅支持非SSL模式，若webui为https访问，请将s去掉，否则ws连不上一直转圈。如：https://domain.com/webui，改为http://domain.com/webui
+
 - 后台操作登录或登出时：CSRF验证失败. 请求被中断.
 
   这种操作大概率是docker配置+nginx反代+SSL的组合，要注意修改CSRF_TRUSTED_ORIGINS，如果是ssl那就是https开头，否则就是http。
 
-## [x] 开发计划
+## 开发计划
 
-- [x] 分享设备给其他已注册用户（v1.3）
+- [x] 分享设备给其他已注册用户（v1.3+）
 
   > 说明：类似网盘url分享，url激活后可以获得某个或某组或某个标签下的设备
   > 备注：其实web api作为中间件，可做的不多，更多功能还是需要修改客户端来实现，就不太值当了。
 
-- [x] 集成Web客户端形式
+- [x] 集成Web客户端形式（v1.4+）
 
-  > 将大神的web客户端集成进来,已集成。 [来源](https://www.52pojie.cn/thread-1708319-1-1.html)
+  > 将大神的web客户端集成进来，已集成。 [来源](https://www.52pojie.cn/thread-1708319-1-1.html)
 
 ## 其他相关工具
 
-[可以修改客户端ID的CMD脚本](https://github.com/abdullah-erturk/RustDesk-ID-Changer)
+- [可以修改客户端ID的CMD脚本](https://github.com/abdullah-erturk/RustDesk-ID-Changer)
 
-[rustdesk](https://github.com/rustdesk/rustdesk)
+- [rustdesk](https://github.com/rustdesk/rustdesk)
 
-[rustdesk-server](https://github.com/rustdesk/rustdesk-server)
\ No newline at end of file
+- [rustdesk-server](https://github.com/rustdesk/rustdesk-server)
\ No newline at end of file
diff --git a/api/templates/base.html b/api/templates/base.html
index d39baa5..f28ab30 100644
--- a/api/templates/base.html
+++ b/api/templates/base.html
@@ -1,45 +1,47 @@
-{% load static %}<!DOCTYPE html>
+{% load static %}
+<!DOCTYPE html>
 <html>
+
 <head>
-<meta charset="utf-8">
-<title>{% block title %}{% endblock %}</title>
-<meta name="renderer" content="webkit">
-<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
-<link rel="stylesheet" href="{% static 'layui/css/layui.css' %}">
-{% block link %}{% endblock %}
+    <meta charset="utf-8">
+    <title>{% block title %}{% endblock %}</title>
+    <meta name="renderer" content="webkit">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <link rel="stylesheet" href="{% static 'layui/css/layui.css' %}">
+    {% block link %}{% endblock %}
 </head>
+
 <body>
-<script src={% static "layui/layui.js" %}></script>
-<script>
-layui.use('element', function(){
-var element = layui.element; //导航的hover效果、二级菜单等功能，需要依赖element模块
+    <script src={% static "layui/layui.js" %}></script>
+    <script>
+        layui.use('element', function () {
+            var element = layui.element; //导航的hover效果、二级菜单等功能，需要依赖element模块
 
-//监听导航点击
-element.on('nav(demo)', function(elem){
-//console.log(elem)
-layer.msg(elem.text());
-});
-});
-</script>
+            //监听导航点击
+            element.on('nav(demo)', function (elem) {
+                //console.log(elem)
+                layer.msg(elem.text());
+            });
+        });
+    </script>
 
-<ul class="layui-nav">
-<li class="layui-nav-item"><a href="/">首页</a></li>
-<li class="layui-nav-item"><a href="/api/share">分享</a></li>
-<li class="layui-nav-item"><a href="/webui">网页控制</a></li>
+    <ul class="layui-nav">
+        <li class="layui-nav-item"><a href="/">首页</a></li>
+        <li class="layui-nav-item"><a href="/api/share">分享</a></li>
+        <li class="layui-nav-item"><a href="/webui" target="_blank">网页控制</a></li>
 
-{% if u.is_admin %}
-<li class="layui-nav-item"><a href="/admin">管理后台</a>
-</li>
-{% endif %}
+        {% if u.is_admin %}
+        <li class="layui-nav-item"><a href="/admin" target="_blank">管理后台</a>
+        </li>
+        {% endif %}
 
-</ul>
-
-<fieldset class="layui-elem-field layui-field-title" style="margin-top: 20px;">
-<legend>{% block legend_name %}{% endblock %}</legend>
-</fieldset>   
-
-{% block content %}{% endblock %}
+    </ul>
 
+    <fieldset class="layui-elem-field layui-field-title" style="margin-top: 20px;">
+        <legend>{% block legend_name %}{% endblock %}</legend>
+    </fieldset>
+    {% block content %}{% endblock %}
 </body>
+
 </html>
\ No newline at end of file
diff --git a/api/templates/show_work.html b/api/templates/show_work.html
index 992480f..074a873 100644
--- a/api/templates/show_work.html
+++ b/api/templates/show_work.html
@@ -1,118 +1,97 @@
 {% extends "base.html" %}
 {% block title %}RustDesk WebUI{% endblock %}
 {% block legend_name %}综合屏{% endblock %}
-{% block content %} 
+{% block content %}
 <div style="padding: 20px; background-color: #F2F2F2;">
   <div class="layui-row layui-col-space15">
- <div class="layui-col-md15">
+    <div class="layui-col-md15">
       <div class="layui-card">
         <div class="layui-card-header">设备统计 - 【用户名:{{u.username}}】</div>
         <div class="layui-card-body">
-  <table class="layui-table">
-    <colgroup>
-      <col width="30">
-      <col width="30">
-      <col width="100">
-      <col>
-    </colgroup>
-    <thead>
-      <tr>
-        <th>客户端ID</th>
-        <th>版本</th>
-        <th>连接密码</th>
-        <th>系统用户名</th>
-        <th>计算机名</th>
-        <th>别名</th>
-        <th>平台</th>
-        <th>系统</th>
-        <th>CPU</th>
-        <th>内存</th>
-        <th>注册时间</th>
-        <th>更新时间</th>
-
-      </tr> 
-    </thead>
-    <tbody>
-	
-	{% for one in single_info %}
-      <tr>
-        <td>{{one.rid}} </td>
-        <td>{{one.version}}		</td>
-        <td>{{one.has_rhash}}		</td>
-        <td>{{one.username}}		</td>
-        <td>{{one.hostname}}		</td>
-        <td>{{one.alias}}		</td>
-        <td>{{one.platform}}		</td>
-        <td>{{one.os}}		</td>
-        <td>{{one.cpu}}		</td>
-        <td>{{one.memory}}		</td>
-        <td>{{one.create_time}}		</td>
-        <td>{{one.update_time}}		</td>
-
-		
-
-      </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+          <table class="layui-table">
+            <thead>
+              <tr>
+                <th>客户端ID</th>
+                <th>版本</th>
+                <th>连接密码</th>
+                <th>系统用户名</th>
+                <th>计算机名</th>
+                <th>别名</th>
+                <th>平台</th>
+                <th>系统</th>
+                <th>CPU</th>
+                <th>内存</th>
+                <th>注册时间</th>
+                <th>更新时间</th>
+              </tr>
+            </thead>
+            <tbody>
+              {% for one in single_info %}
+              <tr>
+                <td>{{one.rid}} </td>
+                <td>{{one.version}}</td>
+                <td>{{one.has_rhash}}</td>
+                <td>{{one.username}}</td>
+                <td>{{one.hostname}}</td>
+                <td>{{one.alias}}</td>
+                <td>{{one.platform}}</td>
+                <td>{{one.os}}</td>
+                <td>{{one.cpu}}</td>
+                <td>{{one.memory}}</td>
+                <td>{{one.create_time}}</td>
+                <td>{{one.update_time}}</td>
+              </tr>
+              {% endfor %}
+            </tbody>
+          </table>
         </div>
       </div>
     </div>
-    
-    
-{% if u.is_admin %}
-<div class="layui-col-md15">
+
+    {% if u.is_admin %}
+    <div class="layui-col-md15">
       <div class="layui-card">
         <div class="layui-card-header">全部用户</div>
         <div class="layui-card-body">
-  <table class="layui-table">
-    <colgroup>
-      <col width="30">
-      <col width="30">
-      <col width="100">
-      <col>
-    </colgroup>
-    <thead>
-      <tr>
-        <th>客户端ID</th>
-        <th>所属用户</th>
-        <th>版本</th>
-        <th>系统用户名</th>
-        <th>计算机名</th>
-        <th>系统</th>
-        <th>CPU</th>
-        <th>内存</th>
-        <th>注册时间</th>
-        <th>更新时间</th>
+          <table class="layui-table">
+            <thead>
+              <tr>
+                <th>客户端ID</th>
+                <th>所属用户</th>
+                <th>版本</th>
+                <th>系统用户名</th>
+                <th>计算机名</th>
+                <th>系统</th>
+                <th>CPU</th>
+                <th>内存</th>
+                <th>注册时间</th>
+                <th>更新时间</th>
+              </tr>
+            </thead>
+            <tbody>
 
-      </tr> 
-    </thead>
-    <tbody>
-	
-	{% for one in all_info %}
-      <tr>
-        <td>{{one.rid}} </td>
-        <td>{{one.rust_user}}		</td>
-        <td>{{one.version}}		</td>
-        <td>{{one.username}}		</td>
-        <td>{{one.hostname}}		</td>
-        <td>{{one.os}}		</td>
-        <td>{{one.cpu}}		</td>
-        <td>{{one.memory}}		</td>
-        <td>{{one.create_time}}		</td>
-        <td>{{one.update_time}}		</td>
-
-		
-
-      </tr>
-      {% endfor %}
-    </tbody>
-  </table>
+              {% for one in all_info %}
+              <tr>
+                <td>{{one.rid}} </td>
+                <td>{{one.rust_user}} </td>
+                <td>{{one.version}} </td>
+                <td>{{one.username}} </td>
+                <td>{{one.hostname}} </td>
+                <td>{{one.os}} </td>
+                <td>{{one.cpu}} </td>
+                <td>{{one.memory}} </td>
+                <td>{{one.create_time}} </td>
+                <td>{{one.update_time}} </td>
+              </tr>
+              {% endfor %}
+            </tbody>
+          </table>
         </div>
       </div>
     </div>
-{% endif %}
+    {% endif %}
 
-</div></div>
+  </div>
+</div>
 
 {% endblock %}
\ No newline at end of file
diff --git a/api/views_front.py b/api/views_front.py
index 3f48324..73441fd 100644
--- a/api/views_front.py
+++ b/api/views_front.py
@@ -65,7 +65,7 @@ def model_to_dict2(instance, fields=None, exclude=None, replace=None, default=No
         # 如果exclude 传递了，要进行判断
         if exclude and f.name in exclude:
             continue
- 
+
         key = f.name
         # 获取字段对应的数据
         if type(f) == DateTimeField:
@@ -122,7 +122,7 @@ def user_login(request):
     password = request.POST.get('password', '')
     if not username or not password:
         return JsonResponse({'code':0, 'msg':'出了点问题。'})
-    
+
     user = auth.authenticate(username=username,password=password)
     if user:
         auth.login(request, user)
@@ -146,7 +146,7 @@ def user_register(request):
         info = '用户名不得小于3位'
         result['msg'] = info
         return JsonResponse(result)
-    
+
     if len(password1)<8 or len(password1)>20:
         info = '密码长度不符合要求, 应在8~20位。'
         result['msg'] = info
@@ -188,7 +188,7 @@ def get_single_info(uid):
 
     for rid in peers.keys():
         peers[rid]['has_rhash'] = '是' if len(peers[rid]['rhash'])>1 else '否'
-    
+
     return [v for k,v in peers.items()]
 
 def get_all_info():
@@ -199,7 +199,7 @@ def get_all_info():
         user = UserProfile.objects.filter(Q(id=peer.uid)).first()
         device = devices.get(peer.rid, None)
         if device:
-            devices['rust_user'] = user.username
+            devices[peer.rid]['rust_user'] = user.username
     return [v for k,v in devices.items()]
 
 @login_required(login_url='/api/user_action?action=login')
@@ -225,14 +225,14 @@ def check_sharelink_expired(sharelink):
         sharelink.is_expired = True
         sharelink.save()
         return True
-    
+
 
 @login_required(login_url='/api/user_action?action=login')
 def share(request):
     peers = RustDeskPeer.objects.filter(Q(uid=request.user.id))
     sharelinks = ShareLink.objects.filter(Q(uid=request.user.id) & Q(is_used=False) & Q(is_expired=False))
-    
-    
+
+
     # 省资源：处理已过期请求，不主动定时任务轮询请求，在任意地方请求时，检查是否过期，过期则保存。
     now = datetime.datetime.now()
     for sl in sharelinks:
@@ -240,7 +240,7 @@ def share(request):
     sharelinks = ShareLink.objects.filter(Q(uid=request.user.id) & Q(is_used=False) & Q(is_expired=False))
     peers = [{'id':ix+1, 'name':f'{p.rid}|{p.alias}'} for ix, p in enumerate(peers)]
     sharelinks = [{'shash':s.shash, 'is_used':s.is_used, 'is_expired':s.is_expired, 'create_time':s.create_time, 'peers':s.peers} for ix, s in enumerate(sharelinks)]
-    
+
     if request.method == 'GET':
         url = request.build_absolute_uri()
         if url.endswith('share'):
@@ -267,7 +267,7 @@ def share(request):
                     peers_self_ids = [x.rid for x in RustDeskPeer.objects.filter(Q(uid=request.user.id))]
                     peers_share = RustDeskPeer.objects.filter(rid__in=peers)
                     peers_share_ids = [x.rid for x in peers_share]
-                    
+
                     for peer in peers_share:
                         if peer.rid in peers_self_ids:
                             continue
@@ -276,9 +276,9 @@ def share(request):
                         peer.uid = request.user.id
                         peer.save()
                         msg += f"{peer.rid},"
-                    
+
                     msg += '已被成功获取。'
- 
+
             return render(request, 'msg.html', {'title':msg, 'msg':msg})
     else:
         data = request.POST.get('data', '[]')
@@ -296,4 +296,4 @@ def share(request):
         sharelink.save()
 
         return JsonResponse({'code':1, 'shash':sharelink.shash})
-        
+
diff --git a/rustdesk_server_api/settings.py b/rustdesk_server_api/settings.py
index de53bed..3cfaf95 100644
--- a/rustdesk_server_api/settings.py
+++ b/rustdesk_server_api/settings.py
@@ -14,17 +14,20 @@ from pathlib import Path
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
-CSRF_TRUSTED_ORIGINS = [os.environ.get("CSRF_TRUSTED_ORIGINS", "http://www.baidu.com")]
-SECURE_CROSS_ORIGIN_OPENER_POLICY = 'None'
+if "CSRF_TRUSTED_ORIGINS" in os.environ:
+    CSRF_TRUSTED_ORIGINS = [os.environ["CSRF_TRUSTED_ORIGINS"]]
+else:
+    CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:21114"]
+    SECURE_CROSS_ORIGIN_OPENER_POLICY = 'None'
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'j%7yjvygpih=6b%qf!q%&ixpn+27dngzdu-i3xh-^3xgy3^nnc'
+SECRET_KEY = os.environ.get("SECRET_KEY", 'j%7yjvygpih=6b%qf!q%&ixpn+27dngzdu-i3xh-^3xgy3^nnc')
 # ID服务器IP或域名，一般与中继服务器，用于web client
-ID_SERVER = '127.0.0.1'
+ID_SERVER = os.environ.get("ID_SERVER", '')
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
+DEBUG = os.environ.get("DEBUG", False)
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 ALLOWED_HOSTS = ["*"]
 AUTH_USER_MODEL = 'api.UserProfile'      #AppName.自定义user
@@ -125,8 +128,8 @@ STATIC_URL = 'static/'
 
 if DEBUG:
     STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static')]
-    
+
 else:
 
-    
+
     STATIC_ROOT = os.path.join(BASE_DIR, 'static')     # 新增
diff --git a/webui/views.py b/webui/views.py
index 34f49ba..a201941 100644
--- a/webui/views.py
+++ b/webui/views.py
@@ -7,7 +7,6 @@ from django.conf import settings as _settings
 
 @login_required(login_url='/api/user_action?action=login')
 def index(request):
-    if _settings.ID_SERVER == '127.0.0.1':
-        html = "网站未配置ID_SERVER选项, 无法使用web client!<br>" + '<a href="..">返回</a>'
-        return HttpResponse(html)
+    if _settings.ID_SERVER == '':
+        _settings.ID_SERVER = request.get_host().split(":")[0]
     return render(request, 'webui.html')