indicates your systems talk to each other over the internet. This is expected in case both are using public FQDN. in this case your caddy must trust your as a trusted proxy.
You could also shortcut the communication inside of your Docker system following the approach I described in Probably DNS help with NC Docker + Collabora + Wireguard tunnel. adding
will make all docker containers in network proxy to access cloud.mydomain.tld without the internet loop.
Maybe How to verify notify_push works correctly? helps with troubleshooting