If not using trusted proxies, our frontend IPv6 are banned because rack attacks thinks the clients of the lab are the frontends, and banned them after a few mistakes on credentials, making the lab inaccessible for everyone.
Let's use X-Forwarding-For HTTP header set by the frontend to see the real client IPs. For this, it is necessary to add real_ip module to nginx.
Also, if this MR is accepted, I will need the IPv6 of the real lab frontends to set them as instance parameter nginx_real_ip_trusted_addresses.
More details on issue 9.