Caddy via Docker as reverse-proxy to Gitea instance on private server

You should always be able to use docker-compose up -d. It’s just docker-compose up, but it doesn’t run in the foreground; it runs daemonised. You want to use docker-compose build to build the containers; up should only build them if they’re not currently built.

Double check what you put in common.conf vs. what I put in my example. When you specify the log format, you need three arguments to the directive - the path you’re logging, the location of the log file, and the format. You’ve used only the latter two. Use log / /var/log/caddy/access.log "[FORMAT]", not log /var/log/caddy/access.log "[FORMAT]" - that’s why you’re getting wrong argument count.

You’ve made the exact same syntax mistake here as you did for log. basicauth needs three arguments - the path you’re protecting, then the username, then the password. You’ve just put the username and password in. basicauth / user pass, not basicauth user pass.

This has little to nothing to do with Caddy. Caddy’s not listening on port 32400, Plex is, and you’re connecting directly to it.

My honest advice - Plex is a complicated beast. Run it accessible via https://plex.tv and use their site as the frontend, forget about trying to front it with Caddy. It will still transfer video over the private network if you access it via https://plex.tv.

Were the certificate chain/keys concatenated together in PEM files?

Gotta say, mate, you’re really making it hard for yourself, taking on a lot of complications for this project. Cloudflare is another complicated beast. I’ve written about it a few times in the past.

The certificate that YOU see, issued by Cloudflare, isn’t the certificate your host is presenting. You’re not even connecting to your host, you’re connecting to Cloudflare, and Cloudflare is connecting to your host. Misunderstanding how this system works is very detrimental to trying to deploy a complicated project like this, and my suggestion is that you forget entirely about trying to use Cloudflare to reverse proxy to your Caddy reverse proxy. Just use Cloudflare as DNS - disable all the orange-clouds in your Cloudflare dashboard - and get everything working that way first; get CF on board later if you absolutely need to.

As for what’s going wrong, I don’t know. Cloudflare might be giving you a valid certificate, but your Caddy isn’t giving Cloudflare a valid certificate. Moving the SSL setting from Full (Strict) back down to Full might solve this, but it’s not ideal. Again, get rid of CF’s reverse proxy, get everything working, then reintroduce them later.
I can’t recommend enough paying closer attention to the docs and understanding the directives you’re using. A few of the mistakes above are really simple and come down to not knowing how many arguments the directive should be given.
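A complete Caddyfile that puts the two corrected directives in context, added here as an example rather than anything posted in the thread: it uses the Caddy v1 syntax the reply quotes (log and basicauth take the path as their first argument), and the site name git.example.com, the gitea:3000 upstream on the compose network and the /admin path are assumptions.

```caddyfile
# Added example, not from the thread. Caddy v1 Caddyfile fronting a Gitea
# container. Assumed names: git.example.com, gitea:3000, /admin.
git.example.com {
    # log <request path> <output file> <format>: three arguments, path first.
    # Omitting the leading / is what produces "wrong argument count".
    log / /var/log/caddy/access.log "{combined}"

    # basicauth <protected path> <username> <password>: three arguments, path first.
    # Only /admin is protected here so git clients hitting other paths still
    # authenticate against Gitea itself; the password is a placeholder.
    basicauth /admin gitea-admin change-me-placeholder

    # Forward everything to the Gitea container. transparent passes the
    # original Host and client-IP headers so Gitea's logs and redirects stay correct.
    proxy / gitea:3000 {
        transparent
    }
}
```

With the Caddy v1 binary, caddy -validate -conf /path/to/Caddyfile parses the file without starting the server, so argument-count mistakes surface before docker-compose up -d.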