Best approach for web farm type setup?

What is the best approach for having nginx in a web farm type setup
where I want to forward HTTP connections to a proxy upstream if they
match one of a very long/highly dynamic list of host names? All of the
host names we are interested in will resolve to our address space, so
could it be as simple as defining a resolver and having an allow for our
CIDRs? Or do I need something more elaborate like a database of allowed
hostnames?

A related question might be, what’s the best approach if I wanted to
add TLS into the mix? Would I need to keep SSL certs for each of my very
long/highly dynamic list of hosts resident? Or is there a way to manage
that more dynamically? Assume that everyone connecting supports SNI.

In both cases I’m just looking for high level/best practices. I can work
out the details but want to make sure I’m going the right direction and
asking the right questions.