Merge branch 'master' of github.com:robertdebock/docker-cntlm
robertdebock committed Feb 21, 2020
2 parents 099bfbe + 1a3890c commit 8e4010f
Showing 4 changed files with 96 additions and 57 deletions.
2 changes: 1 addition & 1 deletion .travis.yml
@@ -7,5 +7,5 @@ install:
- docker build .

script:
- docker run $(docker build -q .) /bin/sh -c "echo Password YoUrPaSsWoRd > /etc/cntlm.conf ; /usr/sbin/cntlm -H -u username -d mydomain"
- echo "YoUrPaSsWoRd" | docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PROXY=anything:1234" --rm -i $(docker build -q .) -H
- docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=123ABC" -e "PROXY=123.123.123.123:3128" -d $(docker build -q .)
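
Review bot: The last script line starts the container with `-d`, so `docker run` returns 0 as soon as the container is created and the job stays green even when `start.sh` exits with an error a moment later. Run it in the foreground with a timeout, or give the container a name and follow the `-d` run with a check that it is still running (for example `docker inspect -f '{{.State.Running}}'`), then remove it. The image is also rebuilt on every line through `$(docker build -q .)`; tagging it once in `install:` and reusing the tag would guarantee all steps test the same image.
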
13 changes: 1 addition & 12 deletions Dockerfile
@@ -11,20 +11,9 @@ RUN apk add curl && \
rm -Rf cntlm-0.92.3.tar.gz cntlm-0.92.3 && \
apk del --no-cache .build-deps

ENV USERNAME example
ENV PASSWORD UNSET
ENV DOMAIN example.com
ENV PROXY example.com:3128
ENV LISTEN 0.0.0.0:3128
ENV AUTH UNSET
ENV PASSLM UNSET
ENV PASSNT UNSET
ENV PASSNTLMV2 UNSET
ENV NOPROXY UNSET

EXPOSE 3128

ADD start.sh /start.sh
RUN chmod +x /start.sh

CMD /start.sh
ENTRYPOINT ["/start.sh"]
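
Review bot: Replacing `CMD /start.sh` with `ENTRYPOINT ["/start.sh"]` is a breaking change for anyone who passed a command to the image, such as the `/bin/sh -c "..."` invocation that the old `.travis.yml` line and the old README example used: those words are now handed to `start.sh` as arguments instead of being executed. This deserves a line in the README, together with a mention of `--entrypoint` for anyone who needs a debugging shell. Style: `ADD start.sh /start.sh` only copies a local file, so `COPY` is the clearer instruction.
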
50 changes: 34 additions & 16 deletions README.md
@@ -20,16 +20,15 @@ A password hash needs te be generated once, after which is can be used when runn

```console
docker run \
robertdebock/docker-cntlm \
/bin/sh -c \
"echo Password YoUrPaSsWoRd > /etc/cntlm.conf ; \
/usr/sbin/cntlm -H \
-u username \
-d mydomain"
-e "USERNAME=username" \
-e "DOMAIN=mydomain" \
-e "PROXY=anything:1234" \
--rm -it robertdebock/docker-cntlm -H
```

Now you have to enter your password (which will not be displayed) and press enter.

Replace:
- `YoUrPaSsWoRd` for your own password.
- `username` for your own username.
- `mydomain` for you own domain.
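
Review bot: The `-e "PROXY=anything:1234"` line in the hash-generation example is only needed because `start.sh` exits with "PROXY not defined." before it reaches the `-H` handling; the README should say the value is a dummy, or `start.sh` should skip the PROXY check when the first argument is an option. Moving the password from the command line to an interactive prompt keeps it out of shell history and the process list, and the text could state that reason. Typos in the surrounding lines: "for you own domain" and, in the hunk header context, "needs te be" and "is can be".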

@@ -51,27 +50,46 @@ To run the proxy:
This is an example of how to run this container.

``` console
docker run \
docker run --restart always --name cntlm \
-e "USERNAME=username" \
-e "DOMAIN=mydomain" \
-e "PASSNTLMV2=640937B847F8C6439D87155508FA8479" \
-e "PROXY=123.123.123.123:8080" \
-p 3128:3128 \
robertdebock/docker-cntlm
```

Other settings you might want to use are:

| Variable| Description |
| --- | --- |
| LISTEN | The IP/hostname and port (separated by a colon) to listen to. I.e. "127.0.0.1:8080" |
| PASSNTLMV2 | Required for auth method Auth NTLMv2. |
| AUTH | Auth parameter. |
| PASSNT | Required for auth method Auth NTLM2SR, Auth NT and Auth NTLM. |
| PASSLM | Required for auth method Auth LM and Auth NTLM. |
| OPTIONS | Optional variable to enable cntlm features. I.e. for debugging: "-v". |
| Variable | Description | Example |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
| USERNAME | Your username for the proxy. | |
| PASSWORD | The password of the user. Should be avoided to use. Go with NTLM tokens. | |
| DOMAIN | Your domain for the proxy. | |
| LISTEN | The IP/hostname and port (separated by a colon) to listen to. | `127.0.0.1:8080` |
| PASSNTLMV2 | Required for auth method Auth NTLMv2. | |
| AUTH | Auth parameter. | |
| PASSNT | Required for auth method Auth NTLM2SR, Auth NT and Auth NTLM. | |
| PASSLM | Required for auth method Auth LM and Auth NTLM. | |
| PROXY | A proxy list the traffic is send to. Can be a list separated by `;`. Will be splitted into multiple `Proxy ...` lines in the `cntlm.conf`. | `localhost:3128;localhost:3129` |
| NOPROXY | For address which should not be routed through the proxy. Comma separated list. | `127.0.0.1, 10.*` |
| OPTIONS | Optional variable to enable cntlm features. | `-v` for debugging |
| CUSTOM_CONFIG | If you want to manually mount a config you can set this variable to skip all settings. Should be mounted into `etc/cntlm.conf`. | |

Find [technical details here](http://cntlm.sourceforge.net/cntlm_manual.pdf).

## Mount custom config

If you want to use an existing `cntlm.conf` you can mount it directly by settings the `CUSTOM_CONFIG` environment variable.

``` console
docker run --restart always --name cntlm \
-e "CUSTOM_CONFIG=true" \
-p 3128:3128 \
-v /path/to/cntlm.conf:/etc/cntlm.conf \
robertdebock/docker-cntlm
```

## Using in Docker Compose

You can use this container quite well in a docker-compose. Docker compose can simply be used to run as a stand-alone proxy. In that case the docker-compose.yml simply saves all variable, and can be started by running:
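
Review bot: Both `docker run` examples publish the proxy with `-p 3128:3128`, and `start.sh` defaults `LISTEN` to `0.0.0.0:3128`, so a proxy that authenticates upstream with the user's NTLM credentials is reachable from every network the host is attached to. Consider `-p 127.0.0.1:3128:3128` in the examples, or a sentence telling readers to restrict who can reach the port. The table should also list the defaults that `start.sh` applies to `LISTEN` and `NOPROXY`, and the `CUSTOM_CONFIG` row gives the mount target as `etc/cntlm.conf` where the example uses `/etc/cntlm.conf`. Wording: "by settings the", "is send to", "Will be splitted".
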
88 changes: 60 additions & 28 deletions start.sh
@@ -3,43 +3,75 @@
# All values are written to /etc/cntlm.conf and also displayed for ease of use.
# (Passwords are not displayed).

echo "Username ${USERNAME}" | tee /etc/cntlm.conf
if [[ -z "${CUSTOM_CONFIG}" ]]; then
# No custom config. Add all information.

if [ "${PASSWORD}" != "UNSET" ] ; then
echo "Password ${PASSWORD}" >> /etc/cntlm.conf
echo "Password -HIDDEN-"
fi
if [[ -z "${USERNAME}" ]]; then
echo "USERNAME not defined."
exit 1
else
echo "Username ${USERNAME}" | tee /etc/cntlm.conf
fi

echo "Domain ${DOMAIN}" | tee -a /etc/cntlm.conf
if [[ -z "${DOMAIN}" ]]; then
echo "DOMAIN not defined."
exit 1
else
echo "Domain ${DOMAIN}" | tee -a /etc/cntlm.conf
fi

if [ "${PROXY}" ] ; then
echo "Proxy ${PROXY}" | tee -a /etc/cntlm.conf
else
echo "No proxy defined! Please set it using the variable \"PROXY\"."
exit 1
fi
if ! [[ -z "${PASSWORD}" ]]; then
echo "Password ${PASSWORD}" >> /etc/cntlm.conf
echo "Password -HIDDEN-"
fi

echo "Listen ${LISTEN}" | tee -a /etc/cntlm.conf
if [[ -z "${PROXY}" ]]; then
echo "PROXY not defined."
exit 1
else
for i in $(echo ${PROXY} | sed "s/;/ /g")
do
echo "Proxy ${i}" | tee -a /etc/cntlm.conf
done
fi

if [ "${AUTH}" != "UNSET" ] ; then
echo "Auth ${AUTH}" | tee -a /etc/cntlm.conf
fi
if [[ -z "${NOPROXY}" ]]; then
NOPROXY='localhost, 127.0.0.*, 10.*, 192.168.*'
fi

if [ "${PASSLM}" != "UNSET" ] ; then
echo "PassLM ${PASSLM}" | tee -a /etc/cntlm.conf
fi
echo "NoProxy ${NOPROXY}" | tee -a /etc/cntlm.conf

if [ "${PASSNT}" != "UNSET" ] ; then
echo "PassNT ${PASSNT}" | tee -a /etc/cntlm.conf
fi
if [[ -z "${LISTEN}" ]]; then
LISTEN='0.0.0.0:3128'
fi

if [ "${PASSNTLMV2}" != "UNSET" ] ; then
echo "PassNTLMv2 ${PASSNTLMV2}" | tee -a /etc/cntlm.conf
echo "Listen ${LISTEN}" | tee -a /etc/cntlm.conf

if ! [[ -z "${AUTH}" ]]; then
echo "Auth ${AUTH}" | tee -a /etc/cntlm.conf
fi

if ! [[ -z "${PASSLM}" ]]; then
echo "PassLM ${PASSLM}" | tee -a /etc/cntlm.conf
fi

if ! [[ -z "${PASSNT}" ]]; then
echo "PassNT ${PASSNT}" | tee -a /etc/cntlm.conf
fi

if ! [[ -z "${PASSNTLMV2}" ]]; then
echo "PassNTLMv2 ${PASSNTLMV2}" | tee -a /etc/cntlm.conf
fi
else
# Custom config will be mounted. Skip everything.
echo "Custom config will be used. Skipping all custom settings."
fi

if [ "${NOPROXY}" != "UNSET" ] ; then
echo "NoProxy ${NOPROXY}" | tee -a /etc/cntlm.conf
# first arg is `-H` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- /usr/sbin/cntlm -c /etc/cntlm.conf "$@"
else
set -- /usr/sbin/cntlm -c /etc/cntlm.conf -f ${OPTIONS}
fi

# Start cntlm after all configuration has been written.
/usr/sbin/cntlm -c /etc/cntlm.conf -f ${OPTIONS}
exec "$@"
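
Review bot: The `PassLM`, `PassNT` and `PassNTLMv2` lines are piped through `tee`, so the hashes are printed to stdout and end up in `docker logs`, although the header comment says passwords are not displayed. These hashes are what cntlm authenticates with, so they should get the same treatment as `Password`: append with `>> /etc/cntlm.conf` and echo a `-HIDDEN-` placeholder. The file also holds the clear-text `Password` line when `PASSWORD` is set, so a `umask 077` before the first write would be worthwhile. Two smaller points: in the final `else` branch any non-option arguments are silently replaced by the default cntlm command, which should at least be logged or rejected; and `CUSTOM_CONFIG` is tested only for being non-empty, so `CUSTOM_CONFIG=false` still skips the generated configuration.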
