diff --git a/api/v1/system/personal.go b/api/v1/system/personal.go
index 6b70c0f..ad351ae 100644
--- a/api/v1/system/personal.go
+++ b/api/v1/system/personal.go
@@ -53,7 +53,7 @@ type PersonalEditRes struct {
 
 type PersonalResetPwdReq struct {
 	g.Meta   `path:"/personal/resetPwd" tags:"系统后台/用户管理" method:"put" summary:"重置个人密码"`
-	Password string `p:"password" v:"required|password#密码不能为空|密码以字母开头，只能包含字母、数字和下划线，长度在6~18之间"`
+	Password string `p:"password" v:"required|password2#密码不能为空|密码必须包含大小写字母和数字，长度在6~18之间"`
 	commonApi.Author
 }
 
diff --git a/api/v1/system/sys_user.go b/api/v1/system/sys_user.go
index 9bec0ab..bf86a76 100644
--- a/api/v1/system/sys_user.go
+++ b/api/v1/system/sys_user.go
@@ -67,7 +67,7 @@ type UserAddReq struct {
 	g.Meta `path:"/user/add" tags:"系统后台/用户管理" method:"post" summary:"添加用户"`
 	*SetUserReq
 	UserName string `p:"userName" v:"required#用户账号不能为空"`
-	Password string `p:"password" v:"required|password#密码不能为空|密码以字母开头，只能包含字母、数字和下划线，长度在6~18之间"`
+	Password string `p:"password" v:"required|password2#密码不能为空|密码必须包含大小写字母和数字，长度在6~18之间"`
 	UserSalt string
 }
 
@@ -100,7 +100,7 @@ type UserGetEditRes struct {
 type UserResetPwdReq struct {
 	g.Meta   `path:"/user/resetPwd" tags:"系统后台/用户管理" method:"put" summary:"重置用户密码"`
 	Id       uint64 `p:"userId" v:"required#用户id不能为空"`
-	Password string `p:"password" v:"required|password#密码不能为空|密码以字母开头，只能包含字母、数字和下划线，长度在6~18之间"`
+	Password string `p:"password" v:"required|password2#密码不能为空|密码必须包含大小写字母和数字，长度在6~18之间"`
 }
 
 type UserResetPwdRes struct {
diff --git a/library/upload/local.go b/library/upload/local.go
index b681e41..af1cbe6 100644
--- a/library/upload/local.go
+++ b/library/upload/local.go
@@ -22,10 +22,13 @@ func (s *Local) Upload(ctx context.Context, file *ghttp.UploadFile) (result syst
 		return
 	}
 	r := g.RequestFromCtx(ctx)
-	host := r.Host
-	forwardedHost := r.Header.Get("X-Forwarded-Host")
-	if forwardedHost != "" {
-		host = forwardedHost
+	host := r.Header.Get("X-Forwarded-Host")
+	scheme := r.Header.Get("X-Scheme")
+	if host == "" {
+		host = r.Host
+	}
+	if scheme == "" {
+		scheme = r.GetSchema()
 	}
 	uri := r.Header.Get("X-Original-URI")
 	if uri != "" {
@@ -34,7 +37,7 @@ func (s *Local) Upload(ctx context.Context, file *ghttp.UploadFile) (result syst
 			uri = gstr.SubStr(uri, 1, pos)
 		}
 	}
-	urlPerfix := fmt.Sprintf("//%s/%s", host, uri)
+	urlPerfix := fmt.Sprintf("%s://%s/%s", scheme, host, uri)
 	p := strings.Trim(consts.UploadPath, "/")
 	sp := s.getStaticPath(ctx)
 	if sp != "" {