You want to use apache with varnish and ssl. Let´s start.
First install Varnish 6
Please Look here for install Varnish on Ubuntu/Debian
https://packagecloud.io/varnishcache/varnish41/install#manual-deb
replace trusty with bionic
root@remote:~# cat /etc/apt/sources.list.d/varnishcache_varnish60.list
deb https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
deb-src https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
Install Varnish 6
apt-get install varnish

start and enable Varnish as service
sudo systemctl start varnish.service
sudo systemctl enable varnish.service

Attention look here for more information about Varnish and Systemd
https://docs.varnish-software.com/tutorials/configuring-systemd-services/
Next Step we configure Varnish
systemctl edit varnish.service
Insert following, feel free do adjust your memory settings
[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -p first_byte_timeout=600

we create a full replacement of varnish.service
systemctl edit --full varnish.service
Make your changes and save the file. After saving we reloading the systemd config
systemctl daemon-reload
You can also adjust /etc/varnish/default.vcl for Browser caching or anything else
https://konkretor.com/2017/05/29/leverage-browser-caching-with-varnish/
That´s it for install and adjust Varnish
Install Apache with SSL
apt-get install apache2
We create a redirect from http to https
vim /etc/apache2/sites-available/redirect.conf
<Virtualhost vhost.example.com>
ServerName vhost.example.com
DocumentRoot /var/www/html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
</Virtualhost>
We create a new vhost file with rondtrip.conf, we running the static site with port 8080
vim /etc/apache2/sites-available/roundtrip.conf
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
We create a new vhost file for ssl
vim /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/sslcert.key
SSLCertificateFile /etc/ssl/private/sslcert.crt
# SSLCertificateChainFile /eDigiCertCA.crt
</VirtualHost>
we delete the default site, we don´t need it
rm /etc/apache2/sites-enabled/000-default.conf
We are enable the apache config
a2ensite redirect.conf
a2ensite ssl.conf
a2ensite roundtrip.conf
We are enable port 8080
vim /etc/apache2/ports.conf
add
Listen 8080
Enable some modules that we need
a2enmod proxy
a2enmod proxy_http
a2enmod headers
Check your Apache Config
apachectl configtest
Restart your Apache
systemctl restart apache
That´s it!