diff --git a/compose.yaml b/compose.yaml
index f6fdc79..6a648c6 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -119,6 +119,25 @@ services:
         max-size: "10m"
         max-file: "3"
 
+  landing:
+    build:
+      context: ./landing
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:18881:80"
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:80/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 5s
+    networks: [nexus]
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
 networks:
   nexus:
   openclaw_default:
diff --git a/ops/nginx-landing.conf b/ops/nginx-landing.conf
new file mode 100644
index 0000000..70bf3f1
--- /dev/null
+++ b/ops/nginx-landing.conf
@@ -0,0 +1,55 @@
+# ==============================================================================
+# Noveria.net Landingpage — Nginx Server Block
+# ==============================================================================
+# Diese Config gehört in den Host-Nginx unter /etc/nginx/sites-available/
+# und muss via Symlink nach /etc/nginx/sites-enabled/ aktiviert werden.
+#
+# WICHTIG: Falls "noveria.net" oder "www.noveria.net" bereits in einem anderen
+# Serverblock (z.B. dem nexus.noveria.net-Block) als server_name auftaucht,
+# muss es dort entfernt werden, sonst schlägt nginx -t fehl.
+# ==============================================================================
+
+server {
+    listen 443 ssl http2;
+    server_name noveria.net www.noveria.net;
+
+    # SSL (gleiche Zertifikate wie nexus)
+    ssl_certificate     /etc/letsencrypt/live/noveria.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/noveria.net/privkey.pem;
+    include             /etc/nginx/snippets/ssl-params.conf;
+
+    # Security Header
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+
+    location / {
+        proxy_pass http://127.0.0.1:18881;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+# HTTP → HTTPS redirect
+server {
+    listen 80;
+    server_name noveria.net www.noveria.net;
+    return 301 https://$host$request_uri;
+}
+
+# ==============================================================================
+# Diagnose-Kommandos (auf dem Host auszuführen, nicht im Container!)
+# ==============================================================================
+# 1. Prüfen ob noveria.net bereits in bestehender Config referenziert wird
+#    grep -rn "noveria.net" /etc/nginx/sites-available/
+#    grep -rn "www.noveria.net" /etc/nginx/sites-available/
+#
+# 2. Config testen nach Änderung
+#    nginx -t
+#
+# 3. Nginx neuladen
+#    systemctl reload nginx
+# ==============================================================================