Varnish backend request sent to itself?

Martynas Jusevičius martynas at atomgraph.com
Wed Mar 18 10:41:23 UTC 2020 

My attempt to obfuscate the hosts failed :) Sorry for that.

In short: the configured backend is atomgraph.dydra.com but
BereqHeader Host is atomgraph.dydra.varnish. Why?

On Wed, Mar 18, 2020 at 11:36 AM Martynas Jusevičius
<martynas at atomgraph.com> wrote:
>
> Hi,
>
> I'm using varnish-5.2.1 revision 67e562482 as a Docker image and
> trying to restore the setup that was working some time ago.
>
> However I'm getting 503 Backend fetch failed.
>
> The VCL file clearly specifies the backend:
>
> backend default {
>     .host = "atomgraph.some_host.com";
>     .port = "80";
>     .first_byte_timeout = 60s;
> }
>
> Varnish itself runs on atomgraph.some_host.varnish, as specified in
> docker-compose.yml.
>
> When I login into the container, I see the client request:
>
> -   ReqMethod      GET
> -   ReqURL         /smth/smth/...
> -   ReqProtocol    HTTP/1.1
> -   ReqHeader      Accept:
> application/rdf+xml,text/rdf+n3,application/n-triples,text/csv,application/rdf+xml,application/rdf+thrift,text/turtle,application/rdf+json
> -   ReqHeader      Cache-Control: no-cache
> -   ReqHeader      Authorization: Basic bGlua2VkZGF0YWh1YjpqYThhc3BhdHV0YWtFdGhV
> -   ReqHeader      Host: atomgraph.dydra.varnish
> -   ReqHeader      Connection: Keep-Alive
> -   ReqHeader      User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
> -   ReqHeader      X-Forwarded-For: 172.30.0.3
>
> However when I look at the backend request:
>
> -   BereqMethod    GET
> -   BereqURL       /smth/smth/...
> -   BereqProtocol  HTTP/1.1
> -   BereqHeader    Accept:
> application/rdf+xml,text/rdf+n3,application/n-triples,text/csv,application/rdf+xml,application/rdf+thrift,text/turtle,application/rdf+json
> -   BereqHeader    Authorization: Basic bGlua2VkZGF0YWh1YjpqYThhc3BhdHV0YWtFdGhV
> -   BereqHeader    Host: atomgraph.dydra.varnish
> -   BereqHeader    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
> -   BereqHeader    X-Forwarded-For: 172.30.0.3
> -   BereqHeader    X-Varnish: 32783
>
> it looks like it is calling itself (i.e. the local fake .varnish
> backend host instead of the real .com one), judging from the
> BereqHeader Host.
>
> If that is the case, then no wonder that the backend request fails:
>
> -   BerespProtocol HTTP/1.1
> -   BerespStatus   503
> -   BerespReason   Service Unavailable
> -   BerespReason   Backend fetch failed
>
> How can this be?
>
> Martynas

More information about the varnish-misc mailing list