Fix Caddyfile layer4 network address syntax

Update to use correct Caddy network address format:
- network/address instead of address/network
- udp/:5060 instead of :5060/udp
- Remove invalid tls subdirective from proxy handler

Caddyfile

@@ -4,18 +4,18 @@
 # 1. Layer 4 SIP proxying with rate limiting and ban management
 # 2. Admin API for managing bans (internal only)
 # 3. Web interface proxying for FreePBX
+#
+# Network address format: network/address (network defaults to tcp)
+# Examples: udp/:5060, tcp/:5060, :5060 (defaults to tcp)
 
 {
 	# Enable admin API on all interfaces for docker
 	admin 0.0.0.0:2019
 
-	# Global rate limiting zones
-	# These are shared across all routes
-
 	# Layer 4 Apps - SIP Traffic
 	layer4 {
 		# SIP over UDP (most common)
-		:5060/udp {
+		udp/:5060 {
 			@sip sip {
 				methods REGISTER INVITE OPTIONS ACK BYE CANCEL INFO NOTIFY SUBSCRIBE MESSAGE
 			}
@@ -37,7 +37,7 @@
 		}
 
 		# SIP over TCP
-		:5060/tcp {
+		tcp/:5060 {
 			@sip sip
 
 			route @sip {
@@ -46,15 +46,14 @@
 			}
 		}
 
-		# SIP over TLS (SIPS)
+		# SIP over TLS (SIPS) - passthrough to upstream
-		:5061/tcp {
+		tcp/:5061 {
 			@sip sip
 
 			route @sip {
 				sip_guardian
-				proxy tcp/{$SIP_UPSTREAM_HOST:freepbx}:{$SIP_UPSTREAM_TLS_PORT:5061} {
+				# Passthrough TLS - upstream handles TLS termination
-					tls
+				proxy tcp/{$SIP_UPSTREAM_HOST:freepbx}:{$SIP_UPSTREAM_TLS_PORT:5061}
-				}
 			}
 		}
 	}