That exact config adapts just fine for me:
$ caddy adapt
{"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["host1.sine-fatum.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.0.200:6009"}]}]}]}],"terminal":true},{"match":[{"host":["host2.sine-fatum.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.0.200:6008"}]}]}]}],"terminal":true},{"match":[{"host":["auth.sine-fatum.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","trusted_proxies":["192.168.0.0/24"],"upstreams":[{"dial":"192.168.0.200:9091"}]}]}]}],"terminal":true},{"match":[{"host":["ytdl.sine-fatum.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"headers","request":{"set":{"Remote-Email":["{http.reverse_proxy.header.Remote-Email}"],"Remote-Groups":["{http.reverse_proxy.header.Remote-Groups}"],"Remote-Name":["{http.reverse_proxy.header.Remote-Name}"],"Remote-User":["{http.reverse_proxy.header.Remote-User}"]}}}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/api/verify?rd=https://auth.sine-fatum.com/"},"trusted_proxies":["192.168.0.0/24"],"upstreams":[{"dial":"192.168.0.200:9091"}]},{"handler":"reverse_proxy","trusted_proxies":["192.168.0.0/24"],"upstreams":[{"dial":"192.168.0.200:6021"}]}]}]}],"terminal":true}],"tls_connection_policies":[{"match":{"sni":["host1.sine-fatum.com"]},"certificate_selection":{"any_tag":["cert0"]}},{}]}}},"tls":{"certificates":{"load_files":[{"certificate":"/etc/ssl/custcerts/mycustomcert.crt","key":"/etc/ssl/custcerts/mycustomkey.key","tags":["cert0"]}]},"automation":{"policies":[{"subjects":["host1.sine-fatum.com","host2.sine-fatum.com","auth.sine-fatum.com","ytdl.sine-fatum.com"],"issuers":[{"email":"myemail@gmail.com","module":"acme"},{"email":"myemail@gmail.com","module":"zerossl"}]}]}}}}
Are you sure this is exactly the config you tried? If you edited to post it to the forums, you might have inadvertently fixed it.
Anyway. You can make a significant simplification to your config. Move trusted proxies to global options.
{
email myemail@gmail.com
servers {
trusted_proxies static 192.168.0.0/24
}
}
auth.sine-fatum.com {
reverse_proxy 192.168.0.200:9091
}
ytdl.sine-fatum.com {
forward_auth 192.168.0.200:9091 {
uri /api/verify?rd=https://auth.sine-fatum.com/
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
reverse_proxy 192.168.0.200:6021
}
host1.sine-fatum.com {
tls /etc/ssl/custcerts/mycustomcert.crt /etc/ssl/custcerts/mycustomkey.key
reverse_proxy 192.168.0.200:6009
}
host2.sine-fatum.com {
reverse_proxy 192.168.0.200:6008
}