# Custom Caddy with the layer-4 (TCP/UDP) app so it can proxy raw mail ports,
# not just HTTP. caddy-ratelimit is included to match the house build on `box`.
#
#   docker build -t tailwart-caddy ./caddy
#
# Pinned to 2.11 to match box's Caddy. Bump deliberately.
FROM caddy:2.11-builder AS build
RUN xcaddy build \
    --with github.com/mholt/caddy-l4 \
    --with github.com/mholt/caddy-ratelimit

FROM caddy:2.11
COPY --from=build /usr/bin/caddy /usr/bin/caddy
# Proof the L4 module is in the binary (fails the build if not):
RUN caddy list-modules | grep -q 'layer4' || (echo 'caddy-l4 missing!' && exit 1)
