diff --git a/.env.sample b/.env.sample
index 26e46a0..220faa0 100644
--- a/.env.sample
+++ b/.env.sample
@@ -23,6 +23,10 @@ VIDEO_EDIT_PORT=8000
 #沙箱环境对外端口,不建议暴露,如果需要暴露,取消docker-compose.yml中的对应注释
 SANDBOX_PORT=8081
+#SANDBOX jupyterlab 端口
+SANDBOX_JUPYTERLAB_PORT=8888
+# 配置Jupter的token,安全考虑,建议设置
+SANDBOX_JUPYTER_TOKEN=easyaiisbest
 SANDBOX_SERVICE_BASE_URL=
diff --git a/docker-compose.yml b/docker-compose.yml
index f0c6af8..da464be 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -282,15 +282,19 @@ services:
 #沙箱环境默认不对外暴露
 # ports:
 # - "${SANDBOX_PORT}:8000"
+# - "${SANDBOX_JUPYTERLAB_PORT}:8888"
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
 volumes:
 - ./sandbox-data:/app/data
 - ./local_packages:/app/local_packages
- - ./env/python-packages:/home/sandbox/.local
+ - ./env/python-packages:/root/.local
 - ./env/node-modules:/app/node_modules_extra
 tmpfs:
 - /app/tmp:mode=1777
 - /tmp:mode=1777
- read_only: true
+# 需要更加强的安全性,可以将ready only设置为true,可能影响使用Jupterlab 操作容器改动
+# read_only: true
 security_opt:
 - no-new-privileges:true
 environment:
@@ -301,8 +305,14 @@ services:
 - PIP_CACHE_DIR=/app/tmp/.pip
 - TMPDIR=/app/tmp
 - NPM_CONFIG_CACHE=/app/tmp/.npm
- - PYTHON_EXTRA_DIR=/home/sandbox/.local/lib/python3.12/site-packages
- - PYTHON_EXTRA_PATH=/home/sandbox/.local/lib/python3.12/site-packages
+ - PYTHON_EXTRA_DIR=/root/.local/lib/python3.12/site-packages
+ - PYTHON_EXTRA_PATH=/root/.local/lib/python3.12/site-packages
+ # Jupyter 运行时与数据写到可写目录,避免挂载 /root/.local 导致无法写入
+ - JUPYTER_DATA_DIR=/app/tmp/jupyter_data
+ - JUPYTER_RUNTIME_DIR=/app/tmp/jupyter_runtime
+ - JUPYTER_CONFIG_DIR=/app/tmp/jupyter_config
+ # Jupyter 访问 token:不设或为空则无需 token;设置后打开 JupyterLab 需填写该 token
+ - JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN}
 restart: unless-stopped
 deploy:
 resources:
diff --git a/easyai-proxy.conf.sample b/easyai-proxy.conf.sample
index 594ff13..0fcf700 100644
--- a/easyai-proxy.conf.sample
+++ b/easyai-proxy.conf.sample
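Review bot: `SANDBOX_JUPYTER_TOKEN=easyaiisbest` puts a fixed, publicly known token in the sample, so every deployment that copies `.env.sample` unchanged shares the same JupyterLab credential. Ship an obvious placeholder instead, e.g. `SANDBOX_JUPYTER_TOKEN=CHANGE_ME_generate_a_random_value`. The comment above it should also say the value must be replaced with a long random string (for example the output of `openssl rand -hex 32`) before the JupyterLab port or proxy route is enabled.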
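Review bot: Commenting out `read_only: true` and remounting the package volume at `/root/.local` loosen the sandbox in the same hunk that prepares it for an interactive JupyterLab. The root filesystem becomes writable, and the `/root` path suggests the process now runs as root rather than the former `sandbox` user (the image's USER is not visible here, so confirm). The second docker-compose.yml hunk already points `JUPYTER_DATA_DIR`, `JUPYTER_RUNTIME_DIR` and `JUPYTER_CONFIG_DIR` at the `/app/tmp` tmpfs, so it is worth testing whether `read_only: true` can stay. If the commented port line is enabled, `- "${SANDBOX_JUPYTERLAB_PORT}:8888"` publishes on every host interface; `- "127.0.0.1:${SANDBOX_JUPYTERLAB_PORT}:8888"` is enough for the nginx route that proxies to 127.0.0.1:8888. The service definition starts and ends outside the hunk.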
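Review bot: `- JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN}` fails open: the comment added just above says an unset or empty value means no token is required, and Compose substitutes an empty string when the variable is missing from `.env`. Because JupyterLab provides code execution and a terminal inside the container, make the variable mandatory with Compose's required-variable form, `- JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN:?set SANDBOX_JUPYTER_TOKEN in .env}`. With that form `docker compose up` stops instead of starting an unauthenticated server. The environment list continues outside the hunk.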
@@ -97,6 +97,15 @@ server {
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header Host $host;
 }
+ location /jupyterlab/ {
+ proxy_pass http://127.0.0.1:8888/lab/;
+ proxy_redirect off;
+ proxy_set_header X-Original-Prefix '/lab';
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ }
 location /socket.io {
 proxy_pass http://127.0.0.1:3002;
 proxy_read_timeout 300s;
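Review bot: `location /jupyterlab/` exposes JupyterLab on whatever listener this server block serves, with the Jupyter token as the only access control visible in the hunk. Since that token may be empty or left at the sample default, add a second gate in this block such as `allow`/`deny` rules or `auth_basic`. The block also lacks the WebSocket upgrade headers JupyterLab kernels and terminals normally need: `proxy_http_version 1.1;`, `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`. The upstream port 8888 is hard-coded although `.env.sample` makes it configurable as `SANDBOX_JUPYTERLAB_PORT`, so a comment noting that the two must match would help. The server block begins and ends outside the hunk.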