As I said before:
Also, that config looks exactly right. I don’t think there’s anything “dirty” about it (other than the fast that you didn’t use code formatting, making it harder to read).
The only suggestions I have to improve your Caddyfile are to remove the * matcher for basicauth, because * is implied if you omit the matcher. Just looks slightly nicer. Also, you can remove the tls line in the proxy transport, because if you specify https:// as the upstream’s scheme, then tls will be automatically enabled for you.
Like this:
sub5.mydomain.cc {
basicauth {
admin JDJhJDEwJERJZzNtRW5haVJOZTV5YWpCQUg4dC4uWG8xaFFrdnRLQmtqRkFJaUdaZ21WRmZGV1g4Smxt
}
reverse_proxy https://10.0.0.3:8443 {
transport http {
tls_insecure_skip_verify
}
}
}