To make the cloudelastic service publicly available we need to expose it to the appropriate networks. Basic plan:
- Add a new port that only allows GET requests
- Optionally, if possible, allow POST to ^/.*/_m?search$
- Expose that port, via ferm, to the wmfcloud srange
A new port is used, rather than the existing tlsproxy port, as the new port needs to be read only. It will be easier to guarantee things are configured properly accepting production write traffic on separate ports from the read only traffic.