How would that actually work?

TLS runs on the client and the server. There's no "TLS magic box" in between.

Like let’s say you have a proxy server like Nginx on a server with a public facing ip address and then it also has access to a private subnet where your application servers are running. A visitor to your website’s browser make a secure https connection the nginx server where https would be terminated and then it would proxy traffic in plain http over your internal private subnet to the app server. And your are in a five eyes country where your intelligence services took it on themselves to follow the nsa or fbis instructions and plug a network device into those private subnets of all the big service providers inside their datacenters that is configured in something like a promiscuous way so it receives all the packets for any device on the network. Then those packets somehow end up in a big nsa datalake.. or something along those lines

(Or was, back then. These days you can probably collapse all of that into a single medium-sized epyc or something.)

I know where there are Sun V880s still running Oracle databases in a biggish cluster.

Their processor power, memory capacity, and storage capacity are exactly equivalent to a Raspberry Pi 4 with a biggish SD card.

We have come a long way.

If there was it'd be called Cloudflare :)