Learning things the hard way by getting my hands dirty is also the way I have learned about the concept of a reverse proxy behind another reverse proxy. The setup I had was a docker-compose file that configured multiple services including Nginx as a reverse proxy. Nothing special here, works on many places, worked on my VPS of choice.
The problem of course started when I wanted to add another service to that server to utilize its resources better. My first idea was to move the Nginx service from that docker-compose file somewhere else. For the simplicity, let's consider it would be a bare-metal Nginx configured as a reverse proxy. In theory it could work fine - just convert the Nginx configuration file shipped with the docker-compose to the vhost file.
Sadly, after a bit of digging I have learned that this would not be so simple. The biggest problem I have encountered was that separating the Nginx service out of the docker-compose meant that it lost access to the docker-compose network. Any upstream server defined in such Nginx configuration would not be accessible outside of said network, certainly not from the bare-metal Nginx server. At least not without additional configuration. I have found this option to be quite error prone, especially since the existing docker-compose file was working without any problem. Don't fix it if ain't broke, they say. I agree. What is the other option?
A containerized Nginx service as a reverse proxy behind a bare-metal Nginx as a reverse proxy? My mind was not quite ready to accept such configuration at the time the idea struck my mind. I though such constellation to be convoluted and needlessly complex, not to mention the added resource overhead. I started looking around if someone else is doing such a horrendous thing too.
In a world where the possibilities of a single individual expand exponentially every day, it is only inevitable that there is someone doing a thing someone else would consider crazy. But it turns out something similar is discussed here and the answer, albeit not boasting a very large traffic, still confirms a technique employing multiple tiers of a reverse proxies on the same server is nothing new.
Infused with newly found courage, I went on putting the idea to work. I got surprised I had it running flawlessly in under ten minutes, give or take. Everything is impossible, until finished. Hopefully I learn soon enough that I made a good design decision.