Merge branch 'hchouraria-admin-plantuml-redirect-note-tls-browsers' into 'master'

PlantUML note about redirects when using TLS See merge request gitlab-org/gitlab!50599

Merge branch 'hchouraria-admin-plantuml-redirect-note-tls-browsers' into 'master'
PlantUML note about redirects when using TLS See merge request gitlab-org/gitlab!50599
1f16e36c · Wei-Meng Lee · 37983a16 · b24a843a · 1f16e36c
Commit 1f16e36c authored Jan 13, 2021 by Wei-Meng Lee
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

doc/administration/integration/plantuml.md doc/administration/integration/plantuml.md +8 -2

No files found.
--- a/doc/administration/integration/plantuml.md
+++ b/doc/administration/integration/plantuml.md
@@ -90,8 +90,8 @@ the configuration below accordingly.
 ### Making local PlantUML accessible using custom GitLab setup

 The PlantUML server runs locally on your server, so it is not accessible
-externally. As such, it is necessary to catch external PlantUML calls and
-redirect them to the local server.
+externally by default. As such, it is necessary to catch external PlantUML
+calls and redirect them to the local server.

 The idea is to redirect each call to `https://gitlab.example.com/-/plantuml/`
 to the local PlantUML server `http://plantuml:8080/` or `http://localhost:8080/plantuml/`, depending on your setup.
@@ -112,6 +112,12 @@ To activate the changes, run the following command:
 sudo gitlab-ctl reconfigure
 ```

+Note that the redirection through GitLab **must** be configured
+when running [GitLab with TLS](https://docs.gitlab.com/omnibus/settings/ssl.html)
+due to PlantUML's use of the insecure HTTP protocol. Newer browsers such
+as [Google Chrome 86+](https://www.chromestatus.com/feature/4926989725073408)
+do not load insecure HTTP resources on a page served over HTTPS.
+
 ### Security

 PlantUML has features that allows fetching network resources.