IMO, a DMZ is always needed when a system is accessed from the internet. Based on the customer requirements I sometimes place the Webserver into the DMZ. More often, a reverse-proxy is placed in a DMZ and that system sends the requests to the server on the local LAN. I do this if the customer wants to have the server in his internal network for whatever reasons.
For the really security-aware customers (well, most of them are not) both the reverse-proxy and the server is placed in separate DMZs.
For the reverse-proxy, I personally like to use a Linux-box with NGINX. But that is only a personal preference.
EDIT: I would also place the Webserver and the Database in different DMZs.