How does nginx forward a domain name request to an ip address using a certificate?

Good day! I have upstream and proxypass configured in the nginx config. There is no information about the domain name anywhere in the config. The upstream contains the ip addresses of the hosts xxx and yyy where the same site is located. Nginx listens on port 443 on host zzz and redirects requests to one of the two hosts. The certificate contains information about the domain name. When trying to go through this domain name, nginx redirects to host xxx or yyy, but I don’t understand how it does it if we go through the domain name, and nginx redirects the request to the ip address. The config also includes certificate verification. The crux of the question: how does nginx redirect requests by domain name to ip addresses if they are not explicitly related in any way?

UPD. The certificate contains the domain name DOMAIN_NAME. When navigating to DOMAIN_NAME, nginx grabs this request at zzz and redirects to xxx or yyy. All of these hosts have certificates. I'm interested in the very principle of redirecting requests from a domain name to an ip address.

upstream name {
    least_conn;
    server xxx:1448;
    server yyy:1448;
}

server {
    listen 443 ssl;
    listen 4443 ssl;
    server_name  zzz;
    ssl_certificate /path/to/cert;
    ssl_certificate_key /path/to/private/key;
    access_log  /var/log/nginx-access.log upstreamlog;

    location /loc {
        proxy_pass              https://name/loc;
        proxy_set_header        Host                    $host;
        proxy_set_header        X-Real-IP               $remote_addr;
        proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
        proxy_http_version      1.1;
    }
    ...
}
There are 1 best solutions below

The relation of these three hosts is the upstream and server config sections, for example:

upstream section

upstream upstream_name {
 server 192.168.1.xxx weight=5;
 server 192.168.1.yyy weight=5;
}

server section (partially)

server {
    # server_name is the directive that matches the requested host name
    server_name zzz.domain_suffix;
    location / {
        proxy_pass http://upstream_name;
        # if your xxx and yyy hosts need a host name to identify the domain, you can set the proxy header
        #proxy_set_header Host subHost.domain_suffix;
    }
}

Based on the example above, the flow is:

User

-> Host zzz.domain_suffix

-> choose xxx or yyy to process this request (pick the sub server based on the upstream section)

-> xxx or yyy returns the response to Host zzz.domain_suffix -> zzz.domain_suffix returns this response

-> User

Comment

The user navigates to zzz.domain_suffix with SSL verification, but zzz.domain_suffix to xxx or yyy does not need SSL verification, because zzz to xxx or yyy uses the http protocol. Of course you can use the https protocol: just add the proxy_set_header Host, and then you must deploy the corresponding cert on these two hosts (xxx and yyy).
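
The two TLS legs in the question's setup, annotated, as an added example that is not part of the answer above or the asker's real config. It assumes DNS points DOMAIN_NAME at zzz, that this is the first server block for its ports, and a hypothetical CA bundle path for the backend certificates.

```nginx
# Added example. xxx, yyy, zzz and DOMAIN_NAME are the page's placeholders;
# /path/to/upstream-ca.pem is an assumed path to the CA that issued the
# certificates deployed on xxx and yyy.
#
# Step 1 happens outside nginx: DNS maps DOMAIN_NAME to the address of zzz,
# so the browser's TCP connection arrives here. nginx never resolves it.

upstream name {
    least_conn;              # backend with the fewest active connections
    server xxx:1448;
    server yyy:1448;
}

server {
    # Step 2: with no default_server set, the first server block for a port
    # is its default, so a request with Host/SNI DOMAIN_NAME is handled here
    # even though server_name lists only zzz. Adding DOMAIN_NAME to
    # server_name makes the match explicit.
    listen 443 ssl;
    listen 4443 ssl;
    server_name zzz;

    # Step 3: certificate presented to the browser. The browser, not nginx,
    # checks that it covers DOMAIN_NAME.
    ssl_certificate     /path/to/cert;
    ssl_certificate_key /path/to/private/key;

    location /loc {
        # Step 4: nginx opens its own, separate TLS connection to xxx or yyy.
        proxy_pass         https://name/loc;
        proxy_set_header   Host            $host;
        proxy_set_header   X-Real-IP       $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;

        # Weak default: proxy_ssl_verify is off, so nginx accepts whatever
        # certificate the backend presents. Hardened settings:
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /path/to/upstream-ca.pem;
        # Name checked against the backend certificate. The default is the
        # host part of proxy_pass ("name"), which no certificate will carry.
        # A fixed value is used instead of $host, which the client controls.
        proxy_ssl_name                DOMAIN_NAME;
        proxy_ssl_server_name         on;   # send that name as SNI to the backend
    }
}
```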