It’s not necessarily easier or harder at all, from Caddy’s perspective.
I run Caddy in Docker almost exclusively; the most often use case I have for Caddy outside of a container is actually when testing and running configs from the forums here to help people troubleshoot.
You definitely want to take a look at the Caddyfile Concepts documentation to get started: https://caddyserver.com/docs/caddyfile/concepts#structure
Particularly, this infographic will be very helpful to demonstrate the structure you want:
If you observe your existing Caddyfile, you will find that your Vaultwarden reverse-proxy takes the form of a site block (like the bottom two sections, highlighted in blue).
Caddy makes it very easy to add additional sites by just writing additional site blocks.
In this case, all your other site needs is a site address and a reverse_proxy. Something like:
subdomain.example.com {
reverse_proxy 192.168.0.27:5000
}
Would probably work just fine.
Apologies, but I’m not entirely sure what you mean by handles. If you’re referring to subfolders (e.g. mine.duckdns.org/vaultwarden/) then I would attempt to dissuade you from this as in the event of uncooperative upstream applications, things can get quite hairy. (I wrote a post about that class of issues, which I call The "subfolder problem", OR, "why can't I reverse proxy my app into a subfolder?")
Subdomains will work. Sub-subdomains I’m not entirely sure about; you’d have to ensure DuckDNS is cooperative. Some quick dig-ing indicates that they seem to have the behaviour that sub-subdomains point to the same IP as the subdomain, so you might just be gold to use wireguard.mine.duckdns.org and others in the same vein to distinguish your sites.