Well, you don’t really need to proxy HTTPS from Caddy to Emby; you’re on the same machine, you can proxy over HTTP and it’s fine. Caddy terminates TLS.
Basically:
Browser → HTTPS → (Caddy → HTTP → Emby)
The bit in parentheses is what’s going on on that machine. There’s no real security advantage to proxying from Caddy to Emby over HTTPS because the only risk of interception is having other software on that same machine snooping the traffic. You shouldn’t be running untrusted software, and if something was already able to do that, it would be game over already (for other reasons).
So just change 192.168.1.3:8920 to 192.168.1.3:8096 and you’ll be good to go.
For completion’s sake, if you had a reason to proxy over HTTPS (like if Emby was on another machine or in another network where you can’t trust the pipe between them) then you would need to do reverse_proxy https://192.168.1.3:8920 to tell Caddy to connect with TLS enabled, and then you would need to make sure Caddy trusts the certificate served by that service via reverse_proxy’s tls_trusted_ca_certs option (or turn off security altogether with tls_insecure_skip_verify, which completely defeats the purpose of using TLS anyways because that would allow man-in-the-middle attacks to work).
This article might help explain these ideas:
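The two upstream setups described in this reply, written out as a Caddyfile. This is an added example, not part of the original post; the site names emby.example.com and emby-remote.example.com and the CA file path are hypothetical placeholders.

```caddyfile
# Case 1: Emby runs on the same machine as Caddy.
# Caddy terminates TLS for the browser and talks plain HTTP to Emby.
emby.example.com {
	reverse_proxy 192.168.1.3:8096
}

# Case 2: Emby is reached over a link you do not trust.
# The https:// scheme makes Caddy connect to the upstream with TLS.
emby-remote.example.com {
	reverse_proxy https://192.168.1.3:8920 {
		transport http {
			# Verify Emby's certificate against the CA that issued it
			# (hypothetical path; point it at your own PEM file).
			tls_trusted_ca_certs /etc/caddy/emby-ca.pem

			# If the certificate's name differs from the address
			# dialed above, set the expected name here:
			# tls_server_name emby.internal.example

			# Avoid: disables certificate verification, so the TLS
			# hop no longer protects against man-in-the-middle.
			# tls_insecure_skip_verify
		}
	}
}
```

Running `caddy validate` against the file checks the syntax before you reload.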