nginx: Send SNI for proxied S3 requests.

Some S3 backends (e.g. garage or minio behind caddy) are unable to
respond to TLS requests that only have the Host header set. This makes
sure those configurations are supported going forward.

puppet/zulip/files/nginx/zulip-include-frontend/uploads-internal.conf

@@ -11,6 +11,8 @@ location ~ ^/internal/s3/(?<s3_hostname>[^/]+)/(?<s3_path>.*) {
     # (see associated commit message for more details)
     set $download_url https://$s3_hostname/$s3_path;
     proxy_set_header Host $s3_hostname;
+    proxy_ssl_name $s3_hostname;
+    proxy_ssl_server_name on;
 
     # Strip off X-amz-cf-id header, which otherwise the request has to
     # have been signed over, leading to signature mismatches.