Error 503 Backend fetch failed

#1

I have some problem with ngnix varnish configuration.
When I connect https://example.com I got this messages:

Error 503 Backend fetch failed
Backend fetch failed

I’m using hitch for configuration and conf file looks like this

/etc/hitch/hitch.conf

## Basic hitch config for use with Varnish and Acmetool

# Listening
frontend = "[*]:443"
ciphers  = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Send traffic to the Varnish backend using the PROXY protocol
backend        = "[::1]:6086"
write-proxy-v2 = on

# If you run Varnish 4.0 use this instead
#backend        = "[::1]:6081"
#write-proxy-v2 = off 

# List of PEM files, each with key, certificates and dhparams
pem-file = "/var/lib/acme/live/example.com/haproxy"

# Set uid/gid after binding a socket
# Uncomment these on CentOS/RHEL
#user = "hitch"
#group = "hitch"

and I’m using acmetool and conf file looks like this
/etc/varnish/acmetool.vcl

 # Forward challenge-requests to acmetool, which will listen to port 402
# when issuing lets encrypt requests

backend acmetool {
   .host = "127.0.0.1";
   .port = "402";
}

sub vcl_recv {

    if (req.url ~ "^/.well-known/acme-challenge/") {
        set req.backend_hint = acmetool;

return(pass);

    }
}

My ports (output of “netstat -peanut” )

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          18694      836/hitch
tcp        0      0 0.0.0.0:6081            0.0.0.0:*               LISTEN      0          51753      2816/varnishd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      0          51790      2816/varnishd
tcp        0      0 142.93.244.9:443        212.2.212.133:62429     TIME_WAIT   0          0          -
tcp        0      0 142.93.244.9:443        212.2.212.133:62426     FIN_WAIT2   0          0          -
tcp        0      0 142.93.244.9:443        212.2.212.133:62427     FIN_WAIT2   0          0          -
tcp6       0      0 :::443                  :::*                    LISTEN      0          18695      836/hitch
tcp6       0      0 :::6081                 :::*                    LISTEN      0          51754      2816/varnishd
tcp6       0      0 ::1:6086                :::*                    LISTEN      0          51755      2816/varnishd
tcp6       0      0 ::1:6086                ::1:33656               TIME_WAIT   0          0          -
tcp6       0      0 ::1:6086                ::1:33660               TIME_WAIT   0          0          -
#2

Is nginx running? I don’t see it in your netstat output.

#3

I agree, this statement seems misleading; as there is only hitch+varnish running.

#4

I forgot to add nginx line. Nginx working on 8080 port

#5

OK, so draw it out…
https://example.com
goes to hitch (*:443)
hitch goes to varnish ([::1]:6086)
varnish goes to nginx ([::1]:8080)
? ? ?

Which parts have you tested to be working?

#6

And you might want to include how/why/when/where…
this problem includes LetsEncrypt and thus would benefit it being answered in this forum.
[I’m assuming hitch is using an LE cert but it isn’t quite clear]

#7

I reinstalled nginx and it’s working but not correctly. There are so many errors like that " Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure stylesheet ‘’. This request has been blocked; the content must be served over HTTPS." I think it’s about proxy thing.Do you know how can I fix that?

#8

Try using:
https://www.whynopadlock.com/

#9

I think you mentioned in another thread that you’re using Wordpress, right? You may need to change your site URL to https:// in the Wordpress admin settings. The proxy setup might be confusing any attempt it might be making to detect HTTPS connections automatically (since Varnish is presumably connecting to it over HTTP).

#10

Exactly, I’m using wordpress and I changed url in wp-config.php. Yes, I think the problem is about proxy. All links in the website ( like js css png ) coming http:// and they’re not working about that. I need to force to https all links. I tried something in the varnish but website is down. Have you any idea for achieve that?

#11

Changing the url in WordPress should be sufficient, I would have thought. Maybe Varnish is caching the old version of the html? Have you tried restarting it?

#12

Yeah I restarted serve, nginx, varnish lots of time.But it’s same like https://ibb.co/JpYJD2g

#13

https://codex.wordpress.org/Changing_The_Site_URL

Did you change both WP_HOME and WP_SITEURL to HTTPS?

#14

yes I did. By the way I fixed the problem with changing all urls from database with “Better search replace” plugin.Thanks buddies!

1 Like
closed #15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.