In Traefik, how do I tell which FQDN a client connected to over TLS


I am trying to set up a test system with two domains. Say, server1.com and server2.com. I define the secure entryPoint, define one router and one service - a simple loadBalancer with just one URL. When I hit the endpoint like this:

$ curl -k https://server1.com/

or

$ curl -k https://server2.com/

Everything works alright. The requests are forwarded to my service and I see the X-Forwarded-Host header with server1.com or server2.com.

The problem comes if I do this:

$ curl -k -H "host: server2.com" https://server1.com

Now I still get the X-Forwarded-Host with server2.com, but I have no indication that the TLS connection was made for server1.com.

Is there any way to pass this information to my service? This is an important thing to know for my application.

I use the 'passTLSClientCert' middleware to pass on client certificate details. If I could pass on the server cert used, my problem would be solved too.

Here is my static yaml for Traefik:

entryPoints:
  web:
    address: ":8123"
  websecure:
    address: ":8124"
    http2:
      maxConcurrentStreams: 250
  traefik:
    address: ":8082"

log:
  level: TRACE
accessLog: {}

api:
  insecure: true
  dashboard: true
  debug: true

providers:
  file:
    filename: /etc/traefik/dyn-config.yaml
    watch: true

And my dynamic yaml:

http:
  routers:
    router1:
      rule: "Path(`/`)"
      service: service1
      tls: true
      entryPoints:
        - "websecure"
      middlewares:
        - "sendclientcert"
    router2:
      rule: "Path(`/`)"
      service: service1
      tls: false
      entryPoints:
        - "web"

  services:
    service1:
      loadBalancer:
        servers:
          - url: "http://my-server:5555"

  middlewares:
    sendclientcert:
      passTLSClientCert:
        pem: true
        info:
          serialNumber: true
          subject:
            commonName: true
            serialNumber: true
          issuer:
            commonName: true
            serialNumber: true
tls:
  certificates:
    - certFile: "/etc/traefik/our-keys/server1-cert.pem"
      keyFile: "/etc/traefik/our-keys/server1-key.pem"
      stores:
        - default
    - certFile: "/etc/traefik/our-keys/server2-cert.pem"
      keyFile: "/etc/traefik/our-keys/server2-key.pem"
      stores:
        - default
  options:
    default:
      clientAuth:
        clientAuthType: RequireAnyClientCert

And I use this shell script to run the Traefik image for testing - I don't use docker-compose:

docker run \
  -it \
  --rm \
  --name traefik \
  --mount type=bind,source=/my/test/setup,target=/etc/traefik,readonly \
  --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly \
  --hostname traefik \
  --network host \
  -m 2g \
  traefik \
  --configFile=/etc/traefik/static-config.yaml

Thanks.

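The gap the question describes is that X-Forwarded-Host is derived from the HTTP Host header, while the name the TLS handshake was negotiated for is the SNI the client sent; the two can disagree, as the curl -H "host: server2.com" https://server1.com call shows. The following Go program is an added example, not Traefik's code and not part of the question. It assumes TLS is terminated in the same process (so r.TLS is non-nil; behind Traefik the backend sees plain HTTP and r.TLS is nil, which is exactly why the question needs the value forwarded), and the header name X-TLS-Server-Name is a hypothetical choice. It normalises both names, rejects a mismatch with 421 Misdirected Request, and otherwise stamps the SNI onto the request for downstream handlers. The simulate helper replays the two curl invocations from the question offline with httptest.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// canonicalHost lowercases a name and strips an optional port and trailing
// dot, so "Server1.com:8124" and "server1.com." compare equal.
func canonicalHost(h string) string {
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// HostMatchesSNI reports whether the HTTP Host header names the same FQDN
// the client sent as TLS SNI. An absent SNI counts as a mismatch so the
// caller has to decide explicitly what to do with such clients.
func HostMatchesSNI(sni, host string) bool {
	if sni == "" {
		return false
	}
	return canonicalHost(sni) == canonicalHost(host)
}

// sniHeader is a hypothetical header name (assumption, not a Traefik header)
// used to pass the negotiated server name to downstream handlers.
const sniHeader = "X-TLS-Server-Name"

// CheckHandler wraps next and rejects requests whose Host header disagrees
// with the TLS server name. It only works where TLS is terminated in this
// process, because r.TLS is nil on a plain-HTTP hop behind a proxy.
func CheckHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil {
			http.Error(w, "TLS required", http.StatusBadRequest)
			return
		}
		sni := r.TLS.ServerName
		if !HostMatchesSNI(sni, r.Host) {
			// Log the disagreement: this is the signal the question's
			// X-Forwarded-Host header alone cannot give a backend.
			log.Printf("host/SNI mismatch: sni=%q host=%q remote=%s", sni, r.Host, r.RemoteAddr)
			http.Error(w, "misdirected request", http.StatusMisdirectedRequest)
			return
		}
		r.Header.Set(sniHeader, sni)
		next.ServeHTTP(w, r)
	})
}

// simulate replays one HTTPS request with a given SNI and Host header
// (constructed, no network) and returns the status code the check produced.
func simulate(sni, host string) int {
	req := httptest.NewRequest(http.MethodGet, "https://"+host+"/", nil)
	req.Host = host
	req.TLS = &tls.ConnectionState{ServerName: sni}
	rec := httptest.NewRecorder()
	CheckHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "host=%s sni=%s\n", r.Host, r.Header.Get(sniHeader))
	})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// curl -k https://server1.com/  -> SNI and Host agree
	fmt.Println(simulate("server1.com", "server1.com"))
	// curl -k -H "host: server2.com" https://server1.com  -> they disagree
	fmt.Println(simulate("server1.com", "server2.com"))
}
```

The design choice is to treat a missing SNI as a mismatch rather than silently accepting it: clients that omit SNI are legitimate in some setups, but a service that cares which FQDN the TLS session was for, as the question does, should make that decision visibly rather than fall back to the Host header.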