Fix Caddyfile layer4 network address syntax

Update to use correct Caddy network address format: - network/address instead of address/network - udp/:5060 instead of :5060/udp - Remove invalid tls subdirective from proxy handler
2025-12-06 16:52:10 -07:00 · 2025-12-06 16:52:10 -07:00 · a62d1b4064
commit a62d1b4064
parent 500185e692
1 changed files with 9 additions and 10 deletions
--- a/19
+++ b/19
@ -4,18 +4,18 @@
 # 1. Layer 4 SIP proxying with rate limiting and ban management
 # 2. Admin API for managing bans (internal only)
 # 3. Web interface proxying for FreePBX
+#
+# Network address format: network/address (network defaults to tcp)
+# Examples: udp/:5060, tcp/:5060, :5060 (defaults to tcp)

 {
 	# Enable admin API on all interfaces for docker
 	admin 0.0.0.0:2019

-	# Global rate limiting zones
-	# These are shared across all routes
-
 	# Layer 4 Apps - SIP Traffic
 	layer4 {
 		# SIP over UDP (most common)
-		:5060/udp {
+		udp/:5060 {
 			@sip sip {
 				methods REGISTER INVITE OPTIONS ACK BYE CANCEL INFO NOTIFY SUBSCRIBE MESSAGE
 			}
@ -37,7 +37,7 @@
 		}

 		# SIP over TCP
-		:5060/tcp {
+		tcp/:5060 {
 			@sip sip

 			route @sip {
@ -46,15 +46,14 @@
 			}
 		}

-		# SIP over TLS (SIPS)
-		:5061/tcp {
+		# SIP over TLS (SIPS) - passthrough to upstream
+		tcp/:5061 {
 			@sip sip

 			route @sip {
 				sip_guardian
-				proxy tcp/{$SIP_UPSTREAM_HOST:freepbx}:{$SIP_UPSTREAM_TLS_PORT:5061} {
-					tls
-				}
+				# Passthrough TLS - upstream handles TLS termination
+				proxy tcp/{$SIP_UPSTREAM_HOST:freepbx}:{$SIP_UPSTREAM_TLS_PORT:5061}
 			}
 		}
 	}