[paxswill]

The HTTP request itself is encrypted, but the IP packet (including the source and destination IP addresses) is not. SSL/TLS is application level encryption, and if you wanted to encrypt the actual packet, you need to switch to something like IPsec, but even then you need some sort of routing method (which I can't remember).

[count]

IPSec can work in many different ways. One of those is to encapsulate the entire packet as the encrypted payload of a new packet, with the new packet having headers in plain text leading to the other end of the IPSec tunnel. That other end will then decrypt and forward as appropriate (this is called a 'tunnel').