# Build custom Caddy with SIP Guardian, Layer 4, Rate Limiting, and Docker Proxy
FROM caddy:2.8-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
    --with github.com/mholt/caddy-l4 \
    --with github.com/mholt/caddy-ratelimit \
    --with github.com/ryanmalloy/caddy-sip-guardian

FROM caddy:2.8-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget -qO- http://localhost:2019/config/ || exit 1

EXPOSE 80 443 443/udp 5060 5060/udp 5061

ENTRYPOINT ["caddy"]
# Default: docker-proxy mode (reads Docker labels)
# Override with explicit Caddyfile if needed
CMD ["docker-proxy"]