Ultimately, it doesn’t matter if you assume the attacker can listen to data after the proxy. The proxy will have to send a SNI to the server, which, barring ESNI as you do, has to be in clear text.
If you want to use unencrypted SNI, then the SNI will be sent to the web server in clear text! There’s no way around this. You may encrypt it inside another layer along parts of the path, but the web server needs the unencrypted SNI.
If the attacker can listen to traffic before and after proxy this should be a rather trivial correlation to make.
If, however, the attacker is in the local network of the client, all that matters is to set up a encrypted tunnel to outside the local network. This can be HTTPS, ssh, IPSec or any other tunneling technology.