This cuts some complexity while also getting rid of the Docker userspace proxy which is slow compared to kernelspace routing. It also allows us to make GitLab consume a second IP for GitLab Pages without too much fuckery.
The changes are already applied.
Reviewers should check:
That all required ports now exist properly directly on the interface.
That no undesired ports are exposed to the outside (check nmap vs. firewall config).
That registry, ssh and normal web things still work via IPv4 and IPv6.