diff --git a/README.md b/README.md
index 7081026..bfdde1e 100644
--- a/README.md
+++ b/README.md
@@ -19,26 +19,29 @@ The simplest way to enable the forward proxy without authentication just include
 Open a block for more control; here's an example of all properties in use (note that the syntax is subject to change):
 ```
-forwardproxy {
- basicauth user1 password1
- basicauth user2 password2
- ports 80 443
- hide_ip
- hide_via
- probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
- serve_pac /secret-proxy.pac
- response_timeout 30
- dial_timeout 30
- upstream https://user:password@extra-upstream-hop.com
- acl {
- allow *.caddyserver.com
- deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
- allow ::1/128 8.8.8.8 github.com *.github.io
- allowfile /path/to/whitelist.txt
- denyfile /path/to/blacklist.txt
- allow all
- deny all # unreachable rule, remaining requests are matched by `allow all` above
- }
+:2015 {
+ log / stdout "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {hostonly} {request_id} {latency_ms}"
+ forwardproxy {
+ basicauth user1 password1
+ basicauth user2 password2
+ ports 80 443
+ hide_ip
+ hide_via
+ probe_resistance secret-link-kWWL9Q.com # alternatively you can use a real domain, such as caddyserver.com
+ serve_pac /secret-proxy.pac
+ response_timeout 30
+ dial_timeout 30
+ upstream https://user:password@extra-upstream-hop.com
+ acl {
+ allow *.caddyserver.com
+ deny 192.168.1.1/32 192.168.0.0/16 *.prohibitedsite.com *.localhost
+ allow ::1/128 8.8.8.8 github.com *.github.io
+ allowfile /path/to/whitelist.txt
+ denyfile /path/to/blacklist.txt
+ allow all
+ deny all # unreachable rule, remaining requests are matched by `allow all` above
+ }
+ }
 }
 ```
diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile
index 5637e07..40451c5 100644
--- a/docker-build/Dockerfile
+++ b/docker-build/Dockerfile
@@ -1,16 +1,10 @@
-FROM alpine:3.6
-
-LABEL description="Docker image for caddy+forwardproxy plugin."
-LABEL maintainer="SergeyFrolov@colorado.edu"
-
-RUN apk add --no-cache ca-certificates bash curl
-
-RUN curl --fail https://getcaddy.com | bash -s http.forwardproxy
-
-COPY gen_caddyfile_and_start.sh /bin/
-
-VOLUME /root/.caddy
-
-EXPOSE 80 443 2015
-
-ENTRYPOINT /bin/gen_caddyfile_and_start.sh
+FROM golang:1.14.15 AS builder
+RUN git clone https://github.com/caddyserver/forwardproxy.git
+WORKDIR /go/forwardproxy/cmd/caddy
+RUN go build caddy.go
+
+FROM ubuntu:20.04
+COPY --from=builder /go/forwardproxy/cmd/caddy/caddy /usr/bin/caddy
+EXPOSE 2015
+ENTRYPOINT ["/usr/bin/caddy"]
+CMD ["-conf", "/etc/caddy/Caddyfile", "--log", "/dev/stdout", "--agree=true"]
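Review bot: The builder stage's `RUN git clone https://github.com/caddyserver/forwardproxy.git` fetches whatever the default branch holds at build time, so the binary in the image is not tied to this commit or to any reviewed revision, and two builds of the same Dockerfile can produce different proxies. Pin the source, for example `RUN git clone https://github.com/caddyserver/forwardproxy.git && git -C forwardproxy checkout <COMMIT_SHA>` (placeholder for the revision you have reviewed), or `COPY` the build context if the image is meant to build the checked-out tree. The final stage also drops the old image's `ca-certificates` install and has no `USER` line. As far as I know `ubuntu:20.04` ships without a CA bundle, so certificate verification for ACME (`--agree=true`) and for an `upstream https://…` hop would likely fail, and the proxy process runs as root. The removed `VOLUME /root/.caddy` has no replacement either, so issued certificates and account keys presumably live only in the container's writable layer.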