Trojan service depends on Let's Encrypt TLS certificates obtained via HTTP-01 challenge, which requires port 80 to be accessible for certbot's standalone HTTP server. The landing server's UFW allowed_ports only includes port 443 (Trojan), blocking the Let's Encrypt challenge and preventing certificate issuance.
allowed_ports in group_vars/landing.yml.example for Let's Encrypt HTTP-01 challenge

group_vars/landing.yml.example: add port 80 to allowed_ports