Do not expose ports of internal services

[defnull]

The current docker-compose file exposes all internal service ports (including redis and elasticsearch, which both are not even password protected) to the world for no reason at all.

[hjhsalo]

Thanks for opening an issue about this.
Ports were opened for local development use case, but this is not mentioned in the README or anywhere else for that matter.
WDYT should we create a docker-compose-dev.yml that has ports mappings as they are now and remove port mappings other than 80 and 443 from docker-compose.yml ? (@hevp)
Also README.md should be updated accordingly.

[defnull]

Even for development this should be limited to localhost.