converted to envoy for spiffe identity filtering

docker-compose.yml

@@ -8,16 +8,15 @@ services:
     environment:
       OPTIONS: --no-auth
 
-  caddy:
-    image: caddy:alpine
-    container_name: caddy
+  envoy:
+    image: envoyproxy/envoy:v1.33-latest
+    user: root
+    container_name: envoy
     restart: unless-stopped
     ports:
-      - "443:443"
+      - "443:10000"
     volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - ./certs/soteria.crt:/certs/soteria.crt:ro
-      - ./certs/soteria.key:/certs/soteria.key:ro
-      - ${HOME}/.step/certs/root_ca.crt:/certs/root_ca.crt:ro
+      - ./envoy.yaml:/etc/envoy/envoy.yaml:ro
+      - /var/lib/tls:/certs
     depends_on:
-      - rest-server
+      - rest-server