Varnish "FetchError no backend connection" error
I had a similar issue when trying to test Varnish locally with different backends. Using 127.0.0.1:8080 worked fine but changing the port to 8081 gave me a 503, even though that backend worked perfectly for me outside Varnish.
The problem was caused by SELinux not allowing the connection. I found that out by tailing the audit log and provoking the 503 from Varnish:
$ sudo tail -f /var/log/audit/audit.log
type=AVC msg=audit(1539253067.438:1379): avc: denied { name_connect } for pid=10154 comm="varnishd" dest=8081 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket
To see ports allowed by SELinux from Varnish you can use this command:
$ sudo semanage port -l | grep http_cache_port_t
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
To fix the issue you can either use another port, e.g. 8118, or ask SELinux to allow connections to 8081 from Varnish.
The command to add the port is below; the -a flag is to add the port:
semanage port -a -t http_cache_port_t -p tcp 8081
If you get a message telling you that the port is already defined then you need to modify rather than add the port:
ValueError: Port tcp/8081 already defined
The command swaps the -a flag for -m ('modify'):
semanage port -m -t http_cache_port_t -p tcp 8081
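
Added example, not part of the original answer: a small shell script that pulls the denied backend port and its current SELinux type out of AVC lines and checks the port against an http_cache_port_t listing, including ranges such as 10001-10010. The function names and the second audit line are constructed for illustration; the first audit line and the port listing are the ones quoted above. The type taken from tcontext is the label the port already has (here transproxy_port_t), which is the case where -a reports "already defined" and -m is needed.

```shell
#!/bin/sh
# Constructed sample: the AVC line quoted in the answer plus one unrelated, made-up denial.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1539253067.438:1379): avc: denied { name_connect } for pid=10154 comm="varnishd" dest=8081 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1539253070.001:1380): avc: denied { read } for pid=2222 comm="cat" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}

# Print "port current_type" once per distinct name_connect denial for process name $1.
denied_ports() {
    awk -v comm="$1" '
        /avc: +denied/ && /name_connect/ && index($0, "comm=\"" comm "\"") {
            port = ""; ctx = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=/) port = substr($i, 6)
                # tcontext is user:role:type:level; the type is the third field
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ctx = c[3] }
            }
            if (port != "" && !seen[port]++) print port, ctx
        }'
}

# Exit 0 if tcp port $1 is covered by the `semanage port -l` line for type $2 on stdin.
port_allowed() {
    awk -v p="$1" -v t="$2" '
        $1 == t && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                r = $i; sub(/,$/, "", r)          # strip the list separator
                n = split(r, b, "-")               # "10001-10010" is a range
                lo = b[1] + 0; hi = (n == 2 ? b[2] : b[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Listing as quoted in the answer; on a live host pipe `semanage port -l` instead.
allowed_line='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010'

sample_audit | denied_ports varnishd | while read -r port ptype; do
    if printf '%s\n' "$allowed_line" | port_allowed "$port" http_cache_port_t; then
        echo "$port: already in http_cache_port_t, look elsewhere for the denial"
    else
        echo "$port: currently labelled $ptype, not in http_cache_port_t"
    fi
done
```

On a real system, feed `denied_ports` from /var/log/audit/audit.log and `port_allowed` from `semanage port -l`; both need root.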