The nginx configuration was set to pass X-Forwarded-For and related headers
unodified to backend services.
This works fine when nginx is deployed behind another load balancer
(for example ELB), which already properly sets the X-Forwarded-* for headers.
But in simpler deployment scenarios, where nginx is directly facing the end user,
nginx should discard any existing X-Forwarded-For headr and set it to remote IP of the request,
the X-Forwarded-Port header to the nginx server port, and the X-Forwarded-Proto
to the scheme of the current request.
The 'NGINX_SET_X_FORWARDED_HEADERS' is set to False by default, but set to True
in the edx_sandbox playbook, where an additional load balancer in front of nginx
is not usually present.
