## Why

Trojan service depends on Let's Encrypt TLS certificates obtained via HTTP-01 challenge, which requires port 80 to be accessible for certbot's standalone HTTP server. The landing server's UFW `allowed_ports` only includes port 443 (Trojan), blocking the Let's Encrypt challenge and preventing certificate issuance.

## What Changes

- Add port 80 to `allowed_ports` in `group_vars/landing.yml.example` for Let's Encrypt HTTP-01 challenge

## Capabilities

### New Capabilities
<!-- none -->

### Modified Capabilities
<!-- none -->

## Impact

- `group_vars/landing.yml.example`: add port 80 to `allowed_ports`