diff --git a/sites-available/portal.conf b/sites-available/portal.conf
index e8951c4..c0fb796 100644
--- a/sites-available/portal.conf
+++ b/sites-available/portal.conf
@@ -12,7 +12,7 @@ server {
     listen 10.0.0.29:443 ssl http2;
 
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" always;
+    add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
 
     # Remove or update unsupported origin trial features.
     # For example, comment out or remove these if not using them:
@@ -55,16 +55,36 @@ server {
         fastcgi_intercept_errors on;
     }
 
-    # Reverse proxy for API calls.
-    # If your backend expects the API without the "/api" prefix, use the proxy_pass below.
+    # Reverse proxy for API calls to KidsAI Explorer backend
+    # Proxy all /api/ requests to the Node.js server running on port 3002
     location /api/ {
-        proxy_pass http://127.0.0.1:3000;
-        # If your backend requires the /api prefix, change to:
-        # proxy_pass http://127.0.0.1:3000/api/;
+        proxy_pass http://127.0.0.1:3002;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Additional headers for better compatibility
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        
+        # Increase timeouts for AI processing
+        proxy_connect_timeout       300;
+        proxy_send_timeout          300;
+        proxy_read_timeout          300;
+        send_timeout                300;
+    }
+
+    # Serve KidsAI Explorer static files
+    location /kidsai/ {
+        alias /var/www/html/kidsai/;
+        try_files $uri $uri/ /kidsai/index.html;
+        
+        # Cache static assets
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
     }
 }
 
diff --git a/sites-enabled/element.conf b/sites-enabled/element.conf
new file mode 120000
index 0000000..2441b50
--- /dev/null
+++ b/sites-enabled/element.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/element.conf
\ No newline at end of file
diff --git a/sites-enabled/matrix.conf b/sites-enabled/matrix.conf
new file mode 120000
index 0000000..8a50a90
--- /dev/null
+++ b/sites-enabled/matrix.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/matrix.conf
\ No newline at end of file