You should use Portainer’s HTTP port, not the HTTPS port. So probably port 8000.
Caddy proxies over HTTP to the upstream. There’s no real benefit to proxying over HTTPS because the traffic happens within your private network, so there’s not the same risk of tampering as when the traffic crosses public networks (the internet).
You can remove these lines from your Docker Compose config. You don’t need to publish the ports on the host, because the traffic goes through Caddy, and Caddy connects to those containers within the Docker network.
Having these ports published means that if someone can connect to your server on port 8000 or whatever, they could connect without HTTPS, unencrypted. You don’t want that; you want the only way to use the service to be over HTTPS, which Caddy handles for you.
You need to use the port internal to the Docker network to connect to it, so use reverse_proxy baserow:80. And you can remove the ports as per above as well.
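
One way to check a Compose project for the exposure described above, as an added example that is not part of the original post: it lists every service other than the proxy that still publishes a host port. It assumes the input is the normalized JSON printed by `docker compose config --format json`; the service names and port values in the sample are constructed.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`
# (ports normalized to long form). Names and port numbers are illustrative.
SAMPLE = json.loads("""
{"services": {
  "caddy": {"ports": [
    {"mode": "ingress", "target": 80, "published": "80", "protocol": "tcp"},
    {"mode": "ingress", "target": 443, "published": "443", "protocol": "tcp"}]},
  "portainer": {"ports": [
    {"mode": "ingress", "target": 8000, "published": "8000", "protocol": "tcp"}]},
  "baserow": {"ports": [
    {"mode": "ingress", "host_ip": "127.0.0.1", "target": 80,
     "published": "8080", "protocol": "tcp"}]},
  "db": {}
}}
""")

def exposed_backends(config, proxy="caddy"):
    """Return (service, host_ip, published, target) for each host port
    published by a service other than the reverse proxy."""
    findings = []
    for name, svc in sorted(config.get("services", {}).items()):
        if name == proxy:
            continue  # the proxy is the only service meant to be reachable
        for port in svc.get("ports") or []:
            published = port.get("published")
            if not published:
                continue  # nothing bound on the host for this entry
            # Docker binds to all interfaces when no host_ip is given.
            host_ip = port.get("host_ip", "0.0.0.0")
            findings.append((name, host_ip, str(published), int(port["target"])))
    return findings

def report(config, proxy="caddy"):
    """One human-readable line per finding, with the suggested upstream."""
    return [
        f"{name}: host {ip}:{pub} bypasses {proxy}; "
        f"drop the mapping and proxy to {name}:{target}"
        for name, ip, pub, target in exposed_backends(config, proxy)
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)) or "no backend ports published")
```

A mapping bound to 127.0.0.1 is still reported, since it is reachable without HTTPS by anything running on the host.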