plantuml / plantuml-server

PlantUML Online Server
https://plantuml.com/
GNU General Public License v3.0

Run container with an outbound http proxy? #211

Closed ckazimie closed 1 year ago

ckazimie commented 2 years ago

How to start the server in container with an outbound http proxy?

If you are behind a firewall then the drawings that use Internet resources will not work unless you can specify the outbound http proxy server.

chkpnt commented 2 years ago

Just use the Java system properties http.proxyHost et al.

I've tried to use the environment variables http_proxy / https_proxy in combination with the Java system property java.net.useSystemProxies, but that didn't work in my test.

In case you are using Docker compose, you can use the following Jinja2-template as a guide:

  plantuml:
    image: {{ plantuml_image }}
    container_name: plantuml
    restart: unless-stopped
    networks:
      - backend
    environment:
      http_proxy: {{ http_proxy }}
      https_proxy: {{ http_proxy }}
      no_proxy: {{ no_proxy }}
      CATALINA_OPTS: >-
        -Dhttp.proxyHost={{ http_proxy | urlsplit('hostname') }}
        -Dhttp.proxyPort={{ http_proxy | urlsplit('port') }}
        -Dhttp.nonProxyHosts="{{ no_proxy_java }}"
        -Dhttps.proxyHost={{ http_proxy | urlsplit('hostname') }}
        -Dhttps.proxyPort={{ http_proxy | urlsplit('port') }}

For your purpose, you are only required to set CATALINA_OPTS to configure the proxy for the java process (tomcat). But it may be handy if the container itself is configured to use the proxy, so you can easily install packages within the container for debugging purposes (the container does not even provide ps!).
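
The `urlsplit` filters and the `no_proxy_java` value in the template above, worked through in Python as an added example (not part of the comment or of plantuml-server): it derives the `CATALINA_OPTS` string from an outbound proxy URL and a comma-separated `no_proxy` list, converting the list to the `|`-separated, `*`-wildcard form that `http.nonProxyHosts` expects. The function names, the sample hostnames, and the choice to reject proxy URLs that embed credentials or lack a port are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Conservative allow-list so a crafted value cannot smuggle extra JVM options.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def non_proxy_hosts(no_proxy: str) -> str:
    """Convert a comma-separated no_proxy value to Java's '|'-separated form."""
    patterns = []
    for entry in (e.strip() for e in no_proxy.split(",")):
        if not entry or "/" in entry:   # Java has no CIDR syntax; skip such entries
            continue
        if entry.startswith("."):       # ".corp.example" -> "*.corp.example"
            entry = "*" + entry
        if not _HOST_RE.match(entry.lstrip("*")):
            raise ValueError(f"unexpected characters in no_proxy entry: {entry!r}")
        patterns.append(entry)
    return "|".join(patterns)


def catalina_opts(http_proxy: str, no_proxy: str = "") -> str:
    """Build the -D options for Tomcat from the outbound (forward) proxy URL."""
    parts = urlsplit(http_proxy)
    if parts.username or parts.password:
        # JVM options are visible in the process list and in `docker inspect`.
        raise ValueError("proxy URL contains credentials; keep them out of CATALINA_OPTS")
    host = parts.hostname
    if not host or not _HOST_RE.match(host):
        raise ValueError(f"cannot extract a proxy host from {http_proxy!r}")
    if parts.port is None:
        raise ValueError("proxy URL must state the port explicitly")
    opts = []
    for scheme in ("http", "https"):
        opts += [f"-D{scheme}.proxyHost={host}", f"-D{scheme}.proxyPort={parts.port}"]
    hosts = non_proxy_hosts(no_proxy)
    if hosts:
        opts.append(f'-Dhttp.nonProxyHosts="{hosts}"')
    return " ".join(opts)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(catalina_opts("http://proxy.corp.example:3128",
                        "localhost,127.0.0.1,.corp.example,plantuml"))
```

The URL passed in is the address of the forward proxy that the container uses to reach the Internet, not the public URL under which a reverse proxy publishes PlantUML.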

oholimoli commented 2 years ago

Thank you for the Jinja2 template, I'm not sure how to use it. Do you have an example for a setup like this:

The plantuml entry in the reverse proxy is:

  location /-/plantuml/ {
    proxy_cache off;
    proxy_pass  http://plantuml:8080/;
  }

Plantuml works fine when it is used by my GitLab instance, that is also running with docker-compose.

The problem I have now is that I cannot use plantuml directly in the browser (I suppose because of the missing configuration in your template). The URL displayed is still http://plantuml:8080/png ...

How would I have to fill out the template for https://subdomain.mydomain.com/-/plantuml?

chkpnt commented 2 years ago

Thank you for the Jinja2 template, I'm not sure how to use it.

Just replace {{ ... }} with the corresponding value. I'm using Ansible to set up / provision my GitLab instance, therefore Jinja2.

Phew, that's quite off topic, but okay: I'm using PlantUML with GitLab in a Docker compose setup, too! Your nginx configuration looks just like mine:

services:
  gitlab:
    image: {{ gitlab_image }}
    container_name: gitlab
    restart: unless-stopped
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url '{{ gitlab_external_url }}'

        # Bundled Reverse-Proxy:
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['real_ip_trusted_addresses'] = [ '172.16.0.0/16' ]
        nginx['real_ip_header'] = 'X-Forwarded-For'

        # PlantUML (the line that matters here)
        nginx['custom_gitlab_server_config'] = "location /-/plantuml/ { \n    proxy_cache off; \n    proxy_pass  http://plantuml:8080/; \n  }\n"
        gitlab_rails['env'] = { 'PLANTUML_ENCODING' => 'deflate' }
        ...
      TZ: Europe/Berlin
    volumes:
      - ./config:/etc/gitlab
      - ./data:/var/opt/gitlab
      - /var/log/gitlab:/var/log/gitlab
    networks:
      - gateway
      - backend
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=gateway"
      - "traefik.http.routers.gitlab.entryPoints=websecure"
      - "traefik.http.routers.gitlab.rule=Host(`{{ gitlab_hostname }}`)"
      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
      - "traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitlab-ssh.entrypoints=gitlab-ssh"
      - "traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh"
      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22"

Please note that my GitLab container is using the networks gateway (which is used between my reverse proxy (traefik) and GitLab) and backend, while my PlantUML container is only using backend.

As you say "Plantuml works fine when it is used by my GitLab instance", it has to work from outside, too. Otherwise, the diagram wouldn't be rendered at all:

[image]

oholimoli commented 2 years ago

Thank you very much for your detailed description. I haven't used Jinja2 templates.

Just replace {{ ... }} with the corresponding value. I'm using Ansible to setup / provision my GitLab instance, therefore Jinja2.

What would be the right replacement in the template when I have plantuml here: https://subdomain.mydomain.com/-/plantuml ?

environment:
      http_proxy: http://subdomain.mydomain.com/-/plantuml ? 
      https_proxy:  https://subdomain.mydomain.com/-/plantuml ?  
      no_proxy: {{ no_proxy }}
      CATALINA_OPTS: >-
        -Dhttp.proxyHost={{ http_proxy | urlsplit('hostname') }}     <= ?
        -Dhttp.proxyPort={{ http_proxy | urlsplit('port') }}         <= ?
        -Dhttp.nonProxyHosts="{{ no_proxy_java }}"                   <= ?
        -Dhttps.proxyHost={{ http_proxy | urlsplit('hostname') }}    <= ?
        -Dhttps.proxyPort={{ http_proxy | urlsplit('port') }}        <= ?

Plaenkler commented 1 year ago

I am not sure if this ticket is the right place for my question. Has anyone already implemented a functional plantuml configuration with Traefik? Or is there a tutorial for docker-compose & Traefik?