I’m not totally clear on what’s going on. Are you saying there’s a redirect from from https://syno.ian.gay to https://syno.ian.gay:5001 going on?
If 5001 is Synology’s HTTPS port, you need to configure Caddy to proxy over HTTPS. By default, it proxies over HTTP (because proxying over HTTPS is typically unnecessary because the boundary into your LAN has already been crossed), or proxy over HTTP with port 5000 which I assume is its HTTP port (which ideally isn’t configured to do HTTP->HTTPS redirects, in which case you’ll need to play with Synology configuration to make it not do that).
This might help you understand: