From wikitech-l thread:
Private wikis should require HTTPS by default.
Roughly this would need;
- Setup a server for this role and give it an external ip.
- Configure to answer https: with the star certificate and then perform the normal wiki routing.
- Redirect http to https.
- Change usage of bits load.php to the local one (avoid mixed content warnings and protect against active attackers).
- Change the dns records to the new ip.
No need for caching layer in front of it, as anonymous users can't read it. If there were, $wgCookieSecure may need to be manually set.