cloudelastic refers to cloudelastic100[1234].wikimedia.org.
There are two separate streams of requests that cloudelastic cares about:
prod mediawiki -> cloudelastic:9[246]43. https, tls terminated by nginx. Receives production document updates
internet -> cloudelastic:8[246]43. tls terminated by nginx. Only accepts GET requests. Receives search queries. Limited by ferm to wmf cloud ip ranges not for privacy, but for service stability.
Ideally both of these should have a load balancer (likely LVS) in front of them so nodes can be cleanly added/removed/etc. without any clients knowing or caring.