Using HAProxy makes this extremely easy. No need to do weird rewriting rules or so.

Just create an HTTPS frontend session, bind port 443/TCP and add the different servers you’ll be hitting by FQDN. HAProxy will forward even the SSL handshake back to the assigned server.

    frontend https-frontend
      bind *:443
      option tcplog
      mode tcp
    
      tcp-request inspect-delay 5s
      tcp-request content accept if { req.ssl_hello_type 1 }
    
      acl service_1 req.ssl_sni -i service_1.fqdn
      acl service_2 req.ssl_sni -i service_2.fqdn
    
      use_backend backend_1 if service_1
      use_backend backend_2 if service_2
      default_backend backend_default
    
      backend backend_default
      mode tcp
      server srv_default 127.0.0.1:443
    
      backend backend_1
      mode tcp
      server srv_service_1 192.168.1.1:443
    
      backend backend_2
      mode tcp
      server srv_service_2 192.168.1.2:443