diff --git a/roles/dch-proxy/templates/haproxy.cfg.j2 b/roles/dch-proxy/templates/haproxy.cfg.j2 index afa2723..1fa0e0d 100644 --- a/roles/dch-proxy/templates/haproxy.cfg.j2 +++ b/roles/dch-proxy/templates/haproxy.cfg.j2 @@ -7,9 +7,13 @@ acl blocklist src {{ dch_proxy_blocklist|join(' ') }} frontend main bind :::80 + log-format "${HAPROXY_HTTP_LOG_FMT} %[var(txn.http_host)]" + {{ acls() | indent(4) }} tcp-request connection reject if blocklist !allowlist + http-request set-var(txn.http_host) req.hdr(host) + {% for site in dch_proxy_sites %} use_backend {{ site.backend }} if { hdr(host) -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} } {% endfor %} @@ -20,9 +24,12 @@ frontend main-tls mode tcp option tcplog + log-format "${HAPROXY_TCP_LOG_FMT} %[var(txn.ssl_sni)]" + {{ acls() | indent(4) }} tcp-request connection reject if blocklist !allowlist tcp-request inspect-delay 5s + tcp-request content set-var(txn.ssl_sni) req.ssl_sni tcp-request content accept if { req.ssl_hello_type 1 } {% for site in dch_proxy_sites %}
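Review bot: The Host value appended by `log-format "${HAPROXY_HTTP_LOG_FMT} %[var(txn.http_host)]"` in the `frontend main` hunk is client-controlled and lands unquoted at the end of the log line, so a downstream parser cannot reliably separate it from neighbouring fields. Quoting it keeps the value a single token: `log-format "${HAPROXY_HTTP_LOG_FMT} %{+Q}[var(txn.http_host)]"`. The same applies to `%[var(txn.ssl_sni)]` in the `main-tls` hunk. Because the `use_backend` rules match with `-i`, storing `req.hdr(host),lower` would also make the logged value line up with what was actually routed. The frontend body continues outside the hunk.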
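Review bot: In the `main-tls` hunk the new `log-format` line follows `option tcplog` and replaces the format that option selects, so `option tcplog` is now dead configuration and should be dropped; HAProxy typically warns about this override at parse time. The rule `tcp-request content set-var(txn.ssl_sni) req.ssl_sni` is unconditional, so it may well be evaluated before a complete ClientHello has been buffered; guarding it as `tcp-request content set-var(txn.ssl_sni) req.ssl_sni if { req.ssl_hello_type 1 }` makes the intent explicit. Since this frontend runs in `mode tcp`, a comment such as `# SNI is logged as sent by the client: unauthenticated, may be absent` would stop log readers treating the field as the host that was actually served. The frontend continues past the end of the hunk.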