I've started setting up my media server and was wondering if I should put my docker containers with sonarr and radarr behind my VPN the same as my qbit?
You can but you don't need to. All they really do is organise everything. Any requests go through Prowlarr/Jackett which do the API calls then push that to qBit. One could argue you should put Prowlarr behind a VPN as well but it depends on the trackers you have in there.
It change your public IP, so when you swap server the services you use will see another IP from you, if you swap server constantly supposing someone it's trying to find out where you are they will have a list of different places and it will make it harder to know where you really are so they will desist using the IP method.
There is a variety of measures you have to take to be secure, swapping servers it's just one of them.
I'm having some difficulties getting both sonarr and radarr working simultaneously behind my VPN because they default to the same port. I'm not very well versed in docker, so I don't know how to fix the port issue behind the VPN, but I can fix it if they're just separate from the VPN.
i have them all connected to my gluetun vpn. prowlar sonarr radar qbit deluge everything under the vpn. maybe overkill but prefer it for the safety even if it adds some latency to them
I trust sonarr and radarr to disable telemetry via the options, so I don't think you have any benefits from putting them behind VPN. All download clients ofc make sense
i put mine behind free-proton-vpn via privoxy-vpn.. in case my usenet indexers got busted, you never know.. its free and costs you only a bit time to set up