diff --git a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
index 10db678a..9e2886d4 100644
--- a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
+++ b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
@@ -1,93 +1,94 @@
 # Reverse proxy to expose staging services
 # https://forge.softwareheritage.org/T2747
 class profile::swh::deploy::reverse_proxy {
   include ::profile::hitch
   include ::profile::varnish
 
   $service_names = lookup('swh::deploy::reverse_proxy::services')
   $varnish_http_port = lookup('varnish::http_port')
 
   each($service_names) |$service_name| {
     # Retrieve certificate name
     $cert_name = lookup("swh::deploy::${service_name}::vhost::letsencrypt_cert")
     $backend_http_host = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_host")
     $backend_http_port = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_port")
 
     # Retrieve the list of vhosts
     $vhosts = lookup('letsencrypt::certificates')[$cert_name]['domains']
     if $swh_hostname['fqdn'] in $vhosts {
       $vhost_name = $swh_hostname['fqdn']
     } else {
       $vhost_name = $vhosts[0]
     }
     # Compute aliases, removing the main vhost from the list
     $vhost_aliases = delete($vhosts, $vhost_name)
 
     realize(::Profile::Hitch::Ssl_cert[$cert_name])
     ::profile::varnish::vhost {$vhost_name:
       aliases           => $vhost_aliases,
+      backend_name      => $service_name,
       backend_http_host => $backend_http_host,
       backend_http_port => $backend_http_port,
       hsts_max_age      => lookup('strict_transport_security::max_age'),
     }
 
     $icinga_checks_file = lookup('icinga2::exported_checks::filename')
 
     # icinga alerts
     @@::icinga2::object::service {"${service_name} http redirect on ${::fqdn}":
       service_name  => "swh ${service_name} http redirect",
       import        => ['generic-service'],
       host_name     => $::fqdn,
       check_command => 'http',
       vars          => {
         http_address => $vhost_name,
         http_vhost   => $vhost_name,
         http_port    => $varnish_http_port,
         http_uri     => '/',
       },
       target        => $icinga_checks_file,
       tag           => 'icinga2::exported',
     }
 
     $vhost_ssl_port = lookup('apache::https_port')
 
     # $vhost_ssl_protocol = lookup('swh::deploy::webapp::vhost::ssl_protocol')
     # $vhost_ssl_honorcipherorder = lookup('swh::deploy::webapp::vhost::ssl_honorcipherorder')
     # $vhost_ssl_cipher = lookup('swh::deploy::webapp::vhost::ssl_cipher')
 
     @@::icinga2::object::service {"swh-${service_name} https on ${::fqdn}":
       service_name  => "swh ${service_name}",
       import        => ['generic-service'],
       host_name     => $::fqdn,
       check_command => 'http',
       vars          => {
         http_address    => $vhost_name,
         http_vhost      => $vhost_name,
         http_port       => $vhost_ssl_port,
         http_ssl        => true,
         http_sni        => true,
         http_uri        => '/',
         http_onredirect => sticky
       },
       target        => $icinga_checks_file,
       tag           => 'icinga2::exported',
     }
 
     @@::icinga2::object::service {"swh-${service_name} https certificate ${::fqdn}":
       service_name  => "swh ${service_name} https certificate",
       import        => ['generic-service'],
       host_name     => $::fqdn,
       check_command => 'http',
       vars          => {
         http_address     => $vhost_name,
         http_vhost       => $vhost_name,
         http_port        => $vhost_ssl_port,
         http_ssl         => true,
         http_sni         => true,
         http_certificate => 15,
       },
       target        => $icinga_checks_file,
       tag           => 'icinga2::exported',
     }
   }
 }
diff --git a/site-modules/profile/manifests/varnish/vhost.pp b/site-modules/profile/manifests/varnish/vhost.pp
index 9f80348e..88a96c7d 100644
--- a/site-modules/profile/manifests/varnish/vhost.pp
+++ b/site-modules/profile/manifests/varnish/vhost.pp
@@ -1,23 +1,24 @@
 # Virtual host definition for varnish
 
 define profile::varnish::vhost (
   String $servername = $title,
   String $order = '50',
   Array[String] $aliases = [],
+  String $backend_name,
   String $backend_http_host,
   String $backend_http_port,
   Optional[String] $vcl_recv_extra = undef,
   Optional[String] $vcl_deliver_extra = undef,
   Variant[Undef, String, Integer[1]] $hsts_max_age = undef,
 ) {
 
-  ::profile::varnish::vcl_include {"backend_${servername}":
+  ::profile::varnish::vcl_include {$backend_name:
     order   => '01',
     content => template('profile/varnish/backend.vcl.erb'),
   }
 
   ::profile::varnish::vcl_include {"vhost_${servername}":
     order   => $order,
     content => template('profile/varnish/vhost.vcl.erb'),
   }
 }
diff --git a/site-modules/profile/templates/varnish/backend.vcl.erb b/site-modules/profile/templates/varnish/backend.vcl.erb
index 22b673db..c6bb78b2 100644
--- a/site-modules/profile/templates/varnish/backend.vcl.erb
+++ b/site-modules/profile/templates/varnish/backend.vcl.erb
@@ -1,11 +1,11 @@
 # backend_default.vcl
 #
 # Default backend definition.
 #
 # File managed by puppet. All modifications will be lost.
 
-backend <%= Regexp.escape(@servername) %>
+backend <%= @backend_name %>
 {
     .host = "<%= @backend_http_host %>";
     .port = "<%= @backend_http_port %>";
 }
diff --git a/site-modules/profile/templates/varnish/vhost.vcl.erb b/site-modules/profile/templates/varnish/vhost.vcl.erb
index dab14bb5..85866a0d 100644
--- a/site-modules/profile/templates/varnish/vhost.vcl.erb
+++ b/site-modules/profile/templates/varnish/vhost.vcl.erb
@@ -1,45 +1,45 @@
 # vhost_<%= @servername %>.vcl
 #
 # Settings for the <%= @servername %> vhost
 #
 # File managed by puppet. All modifications will be lost.
 
 sub vcl_recv {
     if (
 <% @aliases.each do |alias_| -%>
         req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>$" ||
 <% end -%>
         req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$"
     ) {
         if (std.port(server.ip) == <%= scope['::profile::varnish::http_port'] %>) {
             set req.http.x-redir = "https://" + req.http.host + req.url;
             return(synth(850, "Moved permanently"));
         } else {
             set req.http.X_FORWARDED_PROTO = "https";
-            set req.backend_hint = <%= Regexp.escape(@servername) %>;
+            set req.backend_hint = <%= @backend_name %>;
         }
 <% if @vcl_recv_extra -%>
         <%= @vcl_recv_extra %>
 <% end -%>
     }
 }
 
 <% if @hsts_max_age or @vcl_deliver_extra -%>
 sub vcl_deliver {
     if (
 <% @aliases.each do |alias_| -%>
         req.http.host ~ "^(?i)<%= Regexp.escape(alias_) %>$" ||
 <% end -%>
         req.http.host ~ "^(?i)<%= Regexp.escape(@servername) %>$"
     ) {
 <% if @hsts_max_age -%>
         if (std.port(server.ip) != <%= scope['::profile::varnish::http_port'] %>) {
             set resp.http.Strict-Transport-Security = "max-age=<%= @hsts_max_age %>;";
         }
 <% end -%>
 <% if @vcl_deliver_extra -%>
         <%= @vcl_deliver_extra %>
 <% end -%>
     }
 }
 <% end -%>