IMO, a DMZ is always needed when a system is accessed from the internet. Based on the customer requirements I sometimes place the Webserver into the DMZ. More often, a reverse-proxy is placed in a DMZ and that system sends the requests to the server on the local LAN. I do this if the customer wants to have the server in his internal network for whatever reasons.
For the really security-aware customers (well, most of them are not) both the reverse-proxy and the server is placed in separate DMZs.
For the reverse-proxy, I personally like to use a Linux-box with NGINX. But that is only a personal preference.
EDIT: I would also place the Webserver and the Database in different DMZs.
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.