What it sounds like you’re trying to do is set up Caddy as a reverse proxy to all the services you have running internally.
Basically, Caddy will listen on ports 80 and 443 (port forward those ports to your Caddy server) and route requests based on the config; typically routing is done by hostname (domain).
It might look like this:
nextcloud1.example.com {
reverse_proxy 192.168.0.10:8080
}
nextcloud2.example.com {
reverse_proxy 192.168.0.11:8080
}
something-else.example.com {
reverse_proxy 192.168.0.12:9000
}
Caddy will automate issuing TLS certificates for each of those domains; you just need to make sure your DNS is correct for those domains, pointing to your WAN IP, and that your network router is routing traffic on ports 80/443 to Caddy.
For most apps, just the default reverse_proxy directive should probably work. But some apps have some tendencies to not work behind a reverse proxy out-of-the-box without some additional config, so you’ll need to look into that. For example, I know that NextCloud typically requires configuring trusted proxies to work properly – search their docs for details on that.
Hopefully that’s enough to get you started; I’m not really sure what else to say. Make sure to read the Caddy docs, especially the Caddyfile Concepts page which should give you an idea of how the config is structured: