## ADDED Requirements

### Requirement: Nginx is installed as a fallback web server for Trojan
The landing server SHALL have nginx installed and configured to serve a static fallback page on `trojan_fallback_port`.

#### Scenario: Nginx is installed
- **WHEN** the trojan role runs on a landing server
- **THEN** the nginx package is installed and available

### Requirement: Nginx serves a camouflage page on the fallback port
Nginx SHALL be configured with a server block listening on `trojan_fallback_port` that returns a static HTML page, mimicking a generic website for HTTPS camouflage.

#### Scenario: Fallback page is accessible
- **WHEN** an HTTP request is made to `localhost:trojan_fallback_port`
- **THEN** nginx returns a 200 response with static HTML content

### Requirement: Fallback port is allowed through UFW
The `trojan_fallback_port` SHALL be added to the `allowed_ports` list in `group_vars/landing.yml` so the base role opens it through the firewall.

#### Scenario: Firewall allows fallback port
- **WHEN** the base role configures UFW
- **THEN** traffic on `trojan_fallback_port` is allowed