diff --git a/data/deployments/staging/common.yaml b/data/deployments/staging/common.yaml
--- a/data/deployments/staging/common.yaml
+++ b/data/deployments/staging/common.yaml
@@ -101,7 +101,12 @@
 - journal0.internal.staging.swh.network
 swh::deploy::deposit::vhost::letsencrypt_cert: deposit_staging
+swh::deploy::deposit::reverse_proxy::backend_http_host: deposit.internal.staging.swh.network
+swh::deploy::deposit::reverse_proxy::backend_http_port: "%{alias('::profile::varnish::backend_http_port')}"
+
 swh::deploy::webapp::vhost::letsencrypt_cert: archive_staging
+swh::deploy::webapp::reverse_proxy::backend_http_host: webapp.internal.staging.swh.network
+swh::deploy::webapp::reverse_proxy::backend_http_port: "%{alias('::profile::varnish::backend_http_port')}"
 swh::postgresql::version: '12'
 swh::postgresql::port: 5433
diff --git a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
--- a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
+++ b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
@@ -10,6 +10,8 @@
 each($service_names) |$service_name| {
 # Retrieve certificate name
 $cert_name = lookup("swh::deploy::${service_name}::vhost::letsencrypt_cert")
+ $backend_http_host = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_host")
+ $backend_http_port = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_port")
 # Retrieve the list of vhosts
 $vhosts = lookup('letsencrypt::certificates')[$cert_name]['domains']
@@ -23,8 +25,10 @@
 realize(::Profile::Hitch::Ssl_cert[$cert_name])
 ::profile::varnish::vhost {$vhost_name:
- aliases => $vhost_aliases,
- hsts_max_age => lookup('strict_transport_security::max_age'),
+ aliases => $vhost_aliases,
+ backend_http_host => $backend_http_host,
+ backend_http_port => $backend_http_port,
+ hsts_max_age => lookup('strict_transport_security::max_age'),
 }
 $icinga_checks_file = lookup('icinga2::exported_checks::filename')
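Review bot: The deposit and webapp backends now point at hosts on the internal staging network (`deposit.internal.staging.swh.network`, `webapp.internal.staging.swh.network`) instead of the loopback `::1` that the deleted backend_default.vcl.erb used, and nothing beside these keys records that the Varnish-to-backend leg is plain HTTP on `::profile::varnish::backend_http_port` across that network. Because vhost.vcl.erb stamps `X_FORWARDED_PROTO = "https"` on every proxied request, the backend port should presumably accept connections only from the proxy hosts, otherwise a client that reaches the backend directly can supply that header itself; I cannot see the network rules from here, so please confirm. A comment next to each pair, `# backend reached over plain HTTP from the varnish hosts; keep the port restricted to them`, would make the assumption visible to whoever edits this data next. The same applies to both service blocks in the hunk.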
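Review bot: The two new `lookup` lines lack the one-line comment the neighbouring lines carry (`# Retrieve certificate name`, `# Retrieve the list of vhosts`), so a reader has to open vhost.pp to learn what they feed. A comment such as `# Retrieve the backend this service's vhosts proxy to (reverse_proxy::backend_http_host/port in hiera)` keeps the block self-describing. Both lookups have no default, so a service that lacks these keys fails at catalog compilation instead of quietly proxying somewhere unintended; that is the safe direction and is worth stating in the same comment so nobody adds a default later. The enclosing `each` block continues outside the hunk.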
diff --git a/site-modules/profile/manifests/varnish.pp b/site-modules/profile/manifests/varnish.pp
--- a/site-modules/profile/manifests/varnish.pp
+++ b/site-modules/profile/manifests/varnish.pp
@@ -76,5 +76,8 @@
 order => '00',
 }
- include ::profile::varnish::default_vcls
+ ::profile::varnish::vcl_include {'synth_redirect':
+ order => '10',
+ content => file('profile/varnish/synth_redirect.vcl'),
+ }
 }
diff --git a/site-modules/profile/manifests/varnish/default_vcls.pp b/site-modules/profile/manifests/varnish/default_vcls.pp
deleted file mode 100644
--- a/site-modules/profile/manifests/varnish/default_vcls.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-# Default VCLs included with the varnish profile
-
-class profile::varnish::default_vcls {
- ::profile::varnish::vcl_include {'backend_default':
- order => '01',
- content => template('profile/varnish/backend_default.vcl.erb'),
- }
-
- ::profile::varnish::vcl_include {'synth_redirect':
- order => '10',
- content => file('profile/varnish/synth_redirect.vcl'),
- }
-}
diff --git a/site-modules/profile/manifests/varnish/vhost.pp b/site-modules/profile/manifests/varnish/vhost.pp
--- a/site-modules/profile/manifests/varnish/vhost.pp
+++ b/site-modules/profile/manifests/varnish/vhost.pp
@@ -4,10 +4,18 @@
 String $servername = $title,
 String $order = '50',
 Array[String] $aliases = [],
+ String $backend_http_host,
+ String $backend_http_port,
 Optional[String] $vcl_recv_extra = undef,
 Optional[String] $vcl_deliver_extra = undef,
 Variant[Undef, String, Integer[1]] $hsts_max_age = undef,
 ) {
+
+ ::profile::varnish::vcl_include {"backend_${servername}":
+ order => '01',
+ content => template('profile/varnish/backend.vcl.erb'),
+ }
+
 ::profile::varnish::vcl_include {"vhost_${servername}":
 order => $order,
 content => template('profile/varnish/vhost.vcl.erb'),
diff --git a/site-modules/profile/templates/varnish/backend.vcl.erb b/site-modules/profile/templates/varnish/backend.vcl.erb
new file mode 100644
--- /dev/null
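Review bot: Dropping `include ::profile::varnish::default_vcls` also removes the `backend default { .host = "::1" … }` declaration, and the only replacement is the per-vhost `backend_${servername}` resource in vhost.pp, which vhost.vcl.erb selects through `req.backend_hint` inside its https branch alone. A request whose Host header matches no vhost block therefore no longer has a `default` backend to fall through to; as far as I recall Varnish then either picks the first declared backend or answers 503, depending on version, and which of the two happens here should be pinned rather than left implicit, since the first-declared fallback would route unknown hosts to whichever service sorts first. I would record the decision above the new resource: `# No default backend: each vhost declares its own (vhost.pp) and selects it with req.backend_hint.`. The enclosing class starts outside the hunk.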
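Review bot: `String $backend_http_port` may reject the value the staging data hands it: common.yaml supplies it as `"%{alias('::profile::varnish::backend_http_port')}"`, and hiera's `alias` preserves the data type of the referenced key, so if that key is stored as an integer the catalog fails on a type mismatch. I cannot see that key's definition from here, so please confirm, or widen the type in the style this define already uses for `$hsts_max_age`: `Variant[String, Integer[1]] $backend_http_port,`. Separately, both new parameters are mandatory yet declared after parameters with defaults (`$servername`, `$order`, `$aliases`); puppet-lint's parameter_order check flags that, and moving them to the top of the list makes the required inputs obvious. The define's documentation header, if it has one, lies outside the hunk and should list both parameters.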
+++ b/site-modules/profile/templates/varnish/backend.vcl.erb
@@ -0,0 +1,11 @@
+# backend_default.vcl
+#
+# Default backend definition.
+#
+# File managed by puppet. All modifications will be lost.
+
+backend <%= Regexp.escape(@servername) %>
+{
+ .host = "<%= @backend_http_host %>";
+ .port = "<%= @backend_http_port %>";
+}
diff --git a/site-modules/profile/templates/varnish/backend_default.vcl.erb b/site-modules/profile/templates/varnish/backend_default.vcl.erb
deleted file mode 100644
--- a/site-modules/profile/templates/varnish/backend_default.vcl.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-# backend_default.vcl
-#
-# Default backend definition.
-#
-# File managed by puppet. All modifications will be lost.
-
-backend default {
- .host = "::1";
- .port = "<%= scope['::profile::varnish::backend_http_port'] %>";
-}
diff --git a/site-modules/profile/templates/varnish/vhost.vcl.erb b/site-modules/profile/templates/varnish/vhost.vcl.erb
--- a/site-modules/profile/templates/varnish/vhost.vcl.erb
+++ b/site-modules/profile/templates/varnish/vhost.vcl.erb
@@ -16,6 +16,7 @@
 return(synth(850, "Moved permanently"));
 } else {
 set req.http.X_FORWARDED_PROTO = "https";
+ set req.backend_hint = <%= Regexp.escape(@servername) %>;
 }
 <% if @vcl_recv_extra -%>
 <%= @vcl_recv_extra %>
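Review bot: The backend name is built with `Regexp.escape(@servername)`, which escapes regex metacharacters rather than producing a VCL identifier: a servername containing dots comes out as `deposit\.example` (constructed example), and I do not expect Varnish to accept a backslash or a dot in a backend symbol, while the Puppet side titles the resource `backend_${servername}` with no transform at all. If servernames are always plain tokens this is harmless, but a deterministic sanitiser such as `<%= @servername.gsub(/[^A-Za-z0-9_]/, '_') %>` states the intent; the identical expression on the `req.backend_hint` line of the vhost.vcl.erb hunk must change in step or the two names will no longer agree. The header still reads `# backend_default.vcl`, copied from the deleted template; it should say `# backend.vcl`, and `# Default backend definition.` no longer describes a per-vhost backend, so `# Backend definition for one vhost (host and port come from hiera).` fits better.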