r/dch-proxy: Include host name in log messages

When troubleshooting configuration or connection issues, it will be
helpful to have the value of the HTTP Host header present in log
messages emitted by HAProxy.  This will help reason about HAProxy's
routing decisions.

For TLS connections, of course, we don't have access to the Host header,
but we can use the value of the TLS SNI field.  Note that the requisite
`content set-var` directive MUST come before the `content accept`;
HAProxy stops processing all `tcp-request content ...` directives once
it has encountered a decision.
dynamic-inventory
Dustin 2024-11-05 06:32:49 -06:00
parent 370a1df7ac
commit 90351ce59e
1 changed files with 7 additions and 0 deletions

@ -7,9 +7,13 @@ acl blocklist src {{ dch_proxy_blocklist|join(' ') }}
frontend main frontend main
bind :::80 bind :::80
log-format "${HAPROXY_HTTP_LOG_FMT} %[var(txn.http_host)]"
{{ acls() | indent(4) }} {{ acls() | indent(4) }}
tcp-request connection reject if blocklist !allowlist tcp-request connection reject if blocklist !allowlist
http-request set-var(txn.http_host) req.hdr(host)
{% for site in dch_proxy_sites %} {% for site in dch_proxy_sites %}
use_backend {{ site.backend }} if { hdr(host) -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} } use_backend {{ site.backend }} if { hdr(host) -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} }
{% endfor %} {% endfor %}
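Review bot: On the new `log-format` line in `frontend main`, `%[var(txn.http_host)]` appends the client-supplied Host header to the end of the log line with no quoting, so a request with a missing or unusual Host value leaves a trailing field that log parsers cannot delimit reliably. Consider quoting the field, for example `%{+Q}[var(txn.http_host)]`, so an empty value still appears as an explicit field and embedded spaces do not split it.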
@ -20,9 +24,12 @@ frontend main-tls
mode tcp mode tcp
option tcplog option tcplog
log-format "${HAPROXY_TCP_LOG_FMT} %[var(txn.ssl_sni)]"
{{ acls() | indent(4) }} {{ acls() | indent(4) }}
tcp-request connection reject if blocklist !allowlist tcp-request connection reject if blocklist !allowlist
tcp-request inspect-delay 5s tcp-request inspect-delay 5s
tcp-request content set-var(txn.ssl_sni) req.ssl_sni
tcp-request content accept if { req.ssl_hello_type 1 } tcp-request content accept if { req.ssl_hello_type 1 }
{% for site in dch_proxy_sites %} {% for site in dch_proxy_sites %}
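Review bot: The ordering requirement on `tcp-request content set-var(txn.ssl_sni) req.ssl_sni` is documented only in the commit message; nothing in the template says it must stay ahead of `tcp-request content accept if { req.ssl_hello_type 1 }`. Add a comment above the `set-var` line stating the constraint, so a later reordering does not silently empty the SNI field in the logs. The value is also client-supplied and unquoted in `log-format`, and clients that send no SNI will leave an empty trailing field, so quoting it the same way as the HTTP frontend's host field would keep the two log formats consistent for parsing.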