Is nginx running in docker?
Is fail to Ban in docker?
Have you read nginx docs for the the stuff you have set in nginx. Understanding this better may help you setup appropriately.
Honestly the examples are generic but you may need to make minor change for your system. Look at nginx config at link. This is general setup for nginx proxy to ha. I don’t use fail to Ban to I not have clear idea how traffic will route through it.
Ultimately, I believe trusted_ proxy should be IP of last address sending traffic (likely nginx).
I ask 2 question above because this determine how traffic should route and IP address to use, using docker or local networking
Also, take into account that
If nginx in docker and you send to HA@hostIP traffic is like
WAN>>LAN>>dockerlan>>nginx>>dockerlan>>LAN>>dockerlan>>ha
If nginx in docker and you send to HA@dockerIP traffic is like
WAN>>LAN>>dockerlan>>nginx>>dockerlan>>ha
If nginx on host and you send to HA@hostIP traffic is like
WAN>>LAN>>nginx>>LAN>>dockerlan>>ha
I say this as how you setup trusted proxy and x_forward_for must take the routing into account as in first example you can imagine that from HA perspective nginxIP is not @localhost but docker IP but all traffic forwarded through localhost.