We currently have one Nginx server acting as a reverse proxy for each domain/user, with each user having their own dedicated Nginx or Apache web server.
INTERNET --> Nginx Reverse Proxy --> USER #1 --> Apache
:80 :443 \
--> USER #2 --> Nginx
\
--> USER #3 --> Apache
\
--> USER #4 --> Nginx
\
--> USER #5 --> Nginx
\
--> USER #6 --> Apache
To integrate Varnish in this setup, I think it's easiest to position Varnish between the main Nginx server and the users. This allows the main Nginx to continue handling SSL/TLS termination. However, to enable each user to safely manage their Varnish cache, it might be more practical to deploy separate Varnish within each user's container.
This approach allows users to manage their Varnish instance independently, so some users can choose to utilize Varnish while others may opt not to. For example:
INTERNET --> Nginx Reverse Proxy --> USER #1 --> Varnish Cache --> Apache
:80 :443 \
--> USER #2 --> Varnish Cache --> Nginx
\
--> USER #3 --> Apache
\
--> USER #4 --> Varnish Cache --> Nginx
\
--> USER #5 --> Nginx
\
--> USER #6 --> Varnish Cache --> Apache
What are your thoughts? How would you prefer the varnish to be applied?
A single varnish server that is forced for all users, or 1 varnish per user?