Show PlantUML diagrams without exposing PlantUML server to outer world
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem to solve
When PlantUML integration is enabled, rendered images are referring directly to PlantUML server.
Further details
This requires that PlantUML server must be accessible to external world which is not necessarily what you want in production environment. Especially when comes to possibility of uncontrolled use, securing PlantUML server etc.
Additionally, when gitlab is behind proxy (like nginx), the PlantUML service must be available to both gitlab AND external world under the same URL. This raises problems (like in my setup) when gitlab is running in docker container and plantuml in another connected using virtual network and both containers are accessible under short and non-public urls.
Proposal
There are many possible ways to address this issue.
One of the possibilities is to provide configuration option that specifies external URL pattern for PlantUML images (e.g. like https://gitlab.mydomain.com/puml/) which can be used on rendered gitlab pages to point to images. This can be further mapped on nginx proxy to redirect to internal plantuml server keeping it secure and not exposed to outer world.
Another option would be to build this mapping directly into gitlab and use one of gitlab http servers to proxy calls to tral plantuml server. This will require no additional configuration at all, but might increase load on gitlab servers.
What does success look like, and how can we measure that?
In success case the images generated by plantuml will be accessible (in this way or another) to outer world without exposing PlantUML server to outer world.