I’ve never used Varnish myself but you certainly can run both on the same server. To do that, you need to free up port 80 for HAProxy and bind Varnish to another port.
/etc/default/varnish and replace
DAEMON_OPTS="-a :80 \ with
DAEMON_OPTS="-a :8080 \. If Apache2 is listening on port 8080, you can configure Varnish to listen on another port such as 8888 or whatever port you like.
Then, install HAProxy and configure it to listen on port 80 and reverse proxy connections to 127.0.0.1:8080 where 8080 is the port that Varnish is listening on.
Keep in mind that HAProxy isn’t designed to protect from DDoS attacks but it can be configured to help in doing so.