Using SNI to route proxy_pass to upstream SSL host

Hey guys,

I am trying to get the following setup running:
Nginx is listening to port 443. According to the users host (SNI), it
should route the SSL requests to a upstream daemon / host which will
take care of SSL certification, handshake and so on.

Nginx should not touch the request, just pass it.
Since SSL also encrypts the header, it makes this setup a little bit
more difficult than expected. A hint on serverfault indicated that SNI
might be useful for this?

My current experiment:

server { listen 443; server_name example01.com; location / {
proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8001; } }
server { listen 443; server_name example02.com; location / {
proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8002; } }
server { listen 443; server_name example03.com; location / {
proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8003; } }
server { listen 443; server_name example04.com; location / {
proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8004; } }

However, this doesn’t seem to work.

Any ideas on this?

Cheers,
David