diff --git a/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org
new file mode 100644
index 0000000000..4b666b673d
--- /dev/null
+++ b/inventory/host_vars/buildvm-s390x-01.stg.s390.fedoraproject.org
@@ -0,0 +1,4 @@
+---
+varnish_group: s390kojipkgs
+# needed because this host has a varnish cache on it.
+custom_rules: [ '-A INPUT -s 10.16.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT' ]
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml
index 4df4bd4aca..c8d9a3e2a9 100644
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@@ -171,8 +171,8 @@
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
 
 
-- name: configure varnish cache on buildvm-s390x-07.s390.fedoraproject.org
-  hosts: buildvm-s390x-07.s390.fedoraproject.org
+- name: configure varnish cache
+  hosts: buildvm-s390x-07.s390.fedoraproject.org:buildvm-s390x-01.stg.s390.fedoraproject.org
   tags:
     - varnish
   user: root
diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index 51daa98bd8..243d267d53 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -33,6 +33,9 @@
 {% if host in groups['buildvm-s390x'] %}
 -A OUTPUT -p tcp -m tcp -d 10.16.0.17 --dport 80 -j ACCEPT
 {% endif %}
+{% if host in groups['buildvm-s390x-stg'] %}
+-A OUTPUT -p tcp -m tcp -d 10.16.0.25 --dport 80 -j ACCEPT
+{% endif %}
 
 #koji.fp.o
 -A OUTPUT -p tcp -m tcp -d 10.5.125.63 --dport 80 -j ACCEPT
diff --git a/roles/koji_builder/templates/kojid.conf b/roles/koji_builder/templates/kojid.conf
index 3c28a3372e..9fbb8216aa 100644
--- a/roles/koji_builder/templates/kojid.conf
+++ b/roles/koji_builder/templates/kojid.conf
@@ -30,6 +30,9 @@ use_createrepo_c=True
 {% if host in groups['buildvm-s390x'] %}
 # s390x builders use a local varnish cache
 topurl = http://kojipkgs-cache01.s390.fedoraproject.org https://kojipkgs01.fedoraproject.org https://kojipkgs02.fedoraproject.org
+{% elif host in groups['buildvm-s390x-stg'] %}
+# s390x staging builder uses a local varnish cache
+topurl = http://kojipkgs-cache01.stg.s390.fedoraproject.org {{koji_topurl}}
 {% elif koji_topurl == 'https://kojipkgs.fedoraproject.org/' %}
 ; add some additional urls for failover
 topurl = {{koji_topurl}} https://kojipkgs01.fedoraproject.org https://kojipkgs02.fedoraproject.org
diff --git a/roles/varnish/templates/s390kojipkgs.vcl.j2 b/roles/varnish/templates/s390kojipkgs.vcl.j2
index c2d1b14e55..bbca6e9475 100644
--- a/roles/varnish/templates/s390kojipkgs.vcl.j2
+++ b/roles/varnish/templates/s390kojipkgs.vcl.j2
@@ -13,6 +13,19 @@ acl repoallowed {
 acl purge {
   "127.0.0.1"/32;
 }
+
+{% if env == 'staging' %}
+backend koji01 {
+    .host = "koji01.stg.phx2.fedoraproject.org";
+    .probe = {
+        .url = "/";
+        .timeout = 1s;
+        .interval = 5s;
+        .window = 5;
+        .threshold = 3;
+    }
+}
+{% else %}
 backend kojipkgs01 {
     .host = "kojipkgs01.phx2.fedoraproject.org";
     .probe = {
@@ -40,12 +53,17 @@ sub vcl_init {
     primarykojipkgs.add_backend(kojipkgs01);
     primarykojipkgs.add_backend(kojipkgs02);
 }
+{% endif %}
 
 sub vcl_recv {
     # This gets arround the silly, ::1 that Apache adds on the proxies (still need to look at that)
     set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, "^([a-f0-9:.]+), .+$", "\1");
 
+{% if env == 'staging' %}
+    set req.backend_hint = koji01;
+{% else %}
     set req.backend_hint = primarykojipkgs.backend();
+{% endif %}
     unset req.http.cookie;
     set req.http.clear-cookies = "yes";