How to prevent forwarding to the web server back-end port when using Varnish

Depending on your web server and Varnish configurations, you may find that URLs that do not end in a trailing slash get redirected to Varnish’s back-end port:

http://example.com/about --> http://example.com:8080/about/

If you have (and hopefully you do) your firewall blocking direct access to the back-end port, you can end up with a timeout error.

The solution to this is to put your web service back on port 80, rather than 8080 or something else, and configure Varnish to talk to it on the loopback address 127.0.0.1 on port 80 (not localhost or the server’s IP address):

backend default {
    .host = "127.0.0.1";
    .port = "80";
}

If using Apache, set your ports.conf to chat on port 80 again, and any change any port references in your enabled site config files.  Then restart Varnish and Apache.

This will allow front and back-end communications to operate on the same port but always use different interfaces, resulting in no conflicts, and any redirects will not be blocked at the firewall.