Jira Integration via more secure mirror


I am moving from self hosted Jira to Jira Cloud, and I want to maintain my git integration. However, I do not want to expose my internal Gitlab server directly to the Internet despite having an IP AllowList specifically for Jira.

Instead, I would like to put up a Gitlab Community Edition server on a host located in my DMZ. This host will receive updates from the Gitlab server, and act as the integration point for Jira. In the event it is compromised, it will not be able to access more sensitive information on my internal network.

My question is on the best way to go about doing this. Should I try to do some kind of Gitlab mirror on my DMZ and then point Jira at it? Should I just set up a git repo on my DMZ server and do get pulls periodically? Then, I could just point my Jira integration at it via SSH? Is there another solution that might work even better that I don’t know about?

Any help with the best way to get to where I am going would be appreciated.