Thanks @francislavoie, I may have found the problem.
On this post, It shows that if you run a container in a bridge network, docker puts a iptable rule to forward the selected port from host to the container.
In my case, the port 2828 of the NAS is forwarded to the port 443 of Caddy.
iptables-save | grep 2828 -A DOCKER ! -i docker-ddd5ce45 -p tcp -m tcp --dport 2828 -j DNAT --to-destination 172.19.0.11:443
It shows that the port 2828 of the NAS is forwarded to the port 443 of Caddy with
-p tcp, so in TCP protocol.
So when I had NGINX reverse-proxying my subdomain to Caddy, the port forwarding was made in HTTP protocol, so the headers were preserved.
Do you have these kind of rules on your iptables too ?