PlantUML note about redirects when using TLS

The PlantUML service can be configured to serve traffic outside
of localhost, and the redirection can normally be avoided in
this situation.

However, on GitLab installations using TLS, new mixed-content browser
policies will perform a silent upgrade of HTTP connections to HTTPS
and/or refuse to load a HTTP resource altogether when TLS is in use.

The redirection becomes a requirement in this situation.

The change adds a note to the PlantUML redirect step
in docs to explain this.

doc/administration/integration/plantuml.md

@@ -90,8 +90,8 @@ the configuration below accordingly.
 ### Making local PlantUML accessible using custom GitLab setup
 
 The PlantUML server runs locally on your server, so it is not accessible
-externally. As such, it is necessary to catch external PlantUML calls and
-redirect them to the local server.
+externally by default. As such, it is necessary to catch external PlantUML
+calls and redirect them to the local server.
 
 The idea is to redirect each call to `https://gitlab.example.com/-/plantuml/`
 to the local PlantUML server `http://plantuml:8080/` or `http://localhost:8080/plantuml/`, depending on your setup.
@@ -112,6 +112,13 @@ To activate the changes, run the following command:
 sudo gitlab-ctl reconfigure
 ```
 
+NOTE:
+The redirection through GitLab **must** be configured
+when running [GitLab with TLS](https://docs.gitlab.com/omnibus/settings/ssl.html)
+due to PlantUML's use of the insecure HTTP protocol. Newer browsers such
+as [Google Chrome 86+](https://www.chromestatus.com/feature/4926989725073408)
+do not load insecure HTTP resources on a page served over HTTPS.
+
 ### Security
 
 PlantUML has features that allows fetching network resources.