As discussed in T278495: Figure out plan for mailman IP situation, we should put lists.wikimedia.org's web interface behind LVS. Exim/mail is excluded since we might go a different route for that: T232343#7059925.
Currently, we get a TLS cert from acme-chief and Apache redirects nearly all HTTP traffic over to HTTPS, where we have a bunch of routing and redirects
We probably want to end up with Apache just serving over HTTP, and envoy doing HTTPS in between Apache<-->LVS/caches.