I’m doing TLS termination on a frontend, and using the host-header with a domain map to forward to a backend pool of servers. The servers on the backend have names like worker1.myapp.company.net, but the host header is something like www.myapp.com.
I’ve verified that it is using the correct backend when requests go to www.myapp.com, and TLS serves correctly.
The issue is that requests to the backend worker servers are using the SNI and/or host header for worker1.myapp.company.net, instead of www.myapp.com, which is what the worker servers expect. I ran Wireshark on the backend server and was able to see this SNI value, too.
Is there a way to change both requests and health checks on the backend so that they use the SNI and Host Header values that came to the frontend in the first place? There will be dozens of domains going through this front-end and back-end, so I can’t hardcode domain values either.