diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 5115184222..72d24ce78b 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -240,6 +240,14 @@
     proxyurl: http://localhost:10039
     when: env == "staging"
 
+  - role: httpd/reverseproxy
+    website: apps.fedoraproject.org
+    destname: koschei
+    localpath: /koschei
+    remotepath: /koschei
+    proxyurl: "{{ varnish_url }}"
+    when: env == "staging"
+
   - role: httpd/reverseproxy
     website: admin.fedoraproject.org
     destname: yk-val
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
index 6a673c514b..75bcf1738d 100644
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@@ -186,6 +186,8 @@ listen  kerneltest 0.0.0.0:10038
     server  kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2
     option httpchk GET /kerneltest
 
+# 10040 is reserved for koschei
+
 # Apache doesn't handle the initial connection here like the other proxy
 # entries.  This proxy also doesn't use the http mode like the others.
 # stunnel should be sitting on port 9939 (public) and redirecting
diff --git a/roles/haproxy/files/haproxy.cfg.stg b/roles/haproxy/files/haproxy.cfg.stg
index c8e8807fa1..c6e7eaa23e 100644
--- a/roles/haproxy/files/haproxy.cfg.stg
+++ b/roles/haproxy/files/haproxy.cfg.stg
@@ -174,6 +174,11 @@ listen  mirrormanager2 0.0.0.0:10039
     server  mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3
     option  httpchk GET /mirrormanager2
 
+listen  koschei 0.0.0.0:10040
+    balance hdr(appserver)
+    server  koschei01 koschei01:80 check inter 10s rise 1 fall 2
+    option  httpchk GET /koschei/
+
 # Apache doesn't handle the initial connection here like the other proxy
 # entries.  This proxy also doesn't use the http mode like the others.
 # stunnel should be sitting on port 9939 (public) and redirecting
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 14e8846128..0deb289b3b 100644
--- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -123,6 +123,11 @@ backend mirrormanager2 {
     .port = "10039";
 }
 
+backend koschei {
+    .host = "localhost";
+    .port = "10040";
+}
+
 
 acl purge {
     "192.168.1.129"; // wiki01.vpn
@@ -246,6 +251,13 @@ sub vcl_recv {
             set req.url = regsub(req.url, "\?.*", "");
         }
     }
+    if (req.http.X-Forwarded-Server ~ "^koschei.fedoraproject.org") {
+        set req.backend_hint = koschei;
+        if (req.url ~ "^/static/") {
+            unset req.http.cookie;
+            set req.url = regsub(req.url, "\?.*", "");
+        }
+    }
     if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") {
         if (req.url ~ "^/blockerbugs") {
              set req.backend_hint = blockerbugs;