diff --git a/.travis.yml b/.travis.yml
index 0fa3554..7e084b2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,5 +7,5 @@ install:
 - docker build .
 script:
- - docker run $(docker build -q .) /bin/sh -c "echo Password YoUrPaSsWoRd > /etc/cntlm.conf ; /usr/sbin/cntlm -H -u username -d mydomain"
+ - echo "YoUrPaSsWoRd" | docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PROXY=anything:1234" --rm -i $(docker build -q .) -H
 - docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=123ABC" -e "PROXY=123.123.123.123:3128" -d $(docker build -q .)
diff --git a/Dockerfile b/Dockerfile
index 5c222f4..4dc31ea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,20 +11,9 @@ RUN apk add curl && \
 rm -Rf cntlm-0.92.3.tar.gz cntlm-0.92.3 && \
 apk del --no-cache .build-deps
-ENV USERNAME example
-ENV PASSWORD UNSET
-ENV DOMAIN example.com
-ENV PROXY example.com:3128
-ENV LISTEN 0.0.0.0:3128
-ENV AUTH UNSET
-ENV PASSLM UNSET
-ENV PASSNT UNSET
-ENV PASSNTLMV2 UNSET
-ENV NOPROXY UNSET
-
 EXPOSE 3128
 ADD start.sh /start.sh
 RUN chmod +x /start.sh
-CMD /start.sh
+ENTRYPOINT ["/start.sh"]
diff --git a/README.md b/README.md
index 84309a9..6501910 100644
--- a/README.md
+++ b/README.md
@@ -20,16 +20,15 @@ A password hash needs te be generated once, after which is can be used when runn
 ```console
 docker run \
- robertdebock/docker-cntlm \
- /bin/sh -c \
- "echo Password YoUrPaSsWoRd > /etc/cntlm.conf ; \
- /usr/sbin/cntlm -H \
- -u username \
- -d mydomain"
+ -e "USERNAME=username" \
+ -e "DOMAIN=mydomain" \
+ -e "PROXY=anything:1234" \
+ --rm -it robertdebock/docker-cntlm -H
 ```
+Now you have to enter your password (which will not be displayed) and press enter.
+
 Replace:
-- `YoUrPaSsWoRd` for your own password.
 - `username` for your own username.
 - `mydomain` for you own domain.
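Review bot: In the Dockerfile hunk, `ENTRYPOINT ["/start.sh"]` changes what a trailing command means and nothing in the file says so. Anything given after the image name is now passed to /start.sh as arguments instead of replacing it, and start.sh as changed in this commit forwards only arguments that begin with `-` and ignores the rest, so an invocation in the old README's `/bin/sh -c "..."` form no longer runs that command. I would add a comment above the line, `# Arguments after the image name go to start.sh (forwarded to cntlm when they start with "-"); use --entrypoint to run another command`.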
@@ -51,27 +50,46 @@ To run the proxy:
 This is an example of how to run this container.
 ``` console
-docker run \
+docker run --restart always --name cntlm \
 -e "USERNAME=username" \
 -e "DOMAIN=mydomain" \
 -e "PASSNTLMV2=640937B847F8C6439D87155508FA8479" \
 -e "PROXY=123.123.123.123:8080" \
+ -p 3128:3128 \
 robertdebock/docker-cntlm
 ```
 Other settings you might want to use are:
-| Variable| Description |
-| --- | --- |
-| LISTEN | The IP/hostname and port (separated by a colon) to listen to. I.e. "127.0.0.1:8080" |
-| PASSNTLMV2 | Required for auth method Auth NTLMv2. |
-| AUTH | Auth parameter. |
-| PASSNT | Required for auth method Auth NTLM2SR, Auth NT and Auth NTLM. |
-| PASSLM | Required for auth method Auth LM and Auth NTLM. |
-| OPTIONS | Optional variable to enable cntlm features. I.e. for debugging: "-v". |
+| Variable | Description | Example |
+| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
+| USERNAME | Your username for the proxy. | |
+| PASSWORD | The password of the user. Should be avoided to use. Go with NTLM tokens. | |
+| DOMAIN | Your domain for the proxy. | |
+| LISTEN | The IP/hostname and port (separated by a colon) to listen to. | `127.0.0.1:8080` |
+| PASSNTLMV2 | Required for auth method Auth NTLMv2. | |
+| AUTH | Auth parameter. | |
+| PASSNT | Required for auth method Auth NTLM2SR, Auth NT and Auth NTLM. | |
+| PASSLM | Required for auth method Auth LM and Auth NTLM. | |
+| PROXY | A proxy list the traffic is send to. Can be a list separated by `;`. Will be splitted into multiple `Proxy ...` lines in the `cntlm.conf`. | `localhost:3128;localhost:3129` |
+| NOPROXY | For address which should not be routed through the proxy. Comma separated list. | `127.0.0.1, 10.*` |
+| OPTIONS | Optional variable to enable cntlm features. | `-v` for debugging |
+| CUSTOM_CONFIG | If you want to manually mount a config you can set this variable to skip all settings. Should be mounted into `etc/cntlm.conf`. | |
 Find [technical details here](http://cntlm.sourceforge.net/cntlm_manual.pdf).
+## Mount custom config
+
+If you want to use an existing `cntlm.conf` you can mount it directly by settings the `CUSTOM_CONFIG` environment variable.
+
+``` console
+docker run --restart always --name cntlm \
+ -e "CUSTOM_CONFIG=true" \
+ -p 3128:3128 \
+ -v /path/to/cntlm.conf:/etc/cntlm.conf \
+ robertdebock/docker-cntlm
+```
+
 ## Using in Docker Compose
 You can use this container quite well in a docker-compose. Docker compose can simply be used to run as a stand-alone proxy. In that case the docker-compose.yml simply saves all variable, and can be started by running:
diff --git a/start.sh b/start.sh
index f4c5c4e..c6f7413 100644
--- a/start.sh
+++ b/start.sh
@@ -3,43 +3,75 @@
 # All values are written to /etc/cntlm.conf and also displayed for ease of use.
 # (Passwords are not displayed).
-echo "Username ${USERNAME}" | tee /etc/cntlm.conf
+if [[ -z "${CUSTOM_CONFIG}" ]]; then
+ # No custom config. Add all information.
-if [ "${PASSWORD}" != "UNSET" ] ; then
- echo "Password ${PASSWORD}" >> /etc/cntlm.conf
- echo "Password -HIDDEN-"
-fi
+ if [[ -z "${USERNAME}" ]]; then
+ echo "USERNAME not defined."
+ exit 1
+ else
+ echo "Username ${USERNAME}" | tee /etc/cntlm.conf
+ fi
-echo "Domain ${DOMAIN}" | tee -a /etc/cntlm.conf
+ if [[ -z "${DOMAIN}" ]]; then
+ echo "DOMAIN not defined."
+ exit 1
+ else
+ echo "Domain ${DOMAIN}" | tee -a /etc/cntlm.conf
+ fi
-if [ "${PROXY}" ] ; then
- echo "Proxy ${PROXY}" | tee -a /etc/cntlm.conf
-else
- echo "No proxy defined! Please set it using the variable \"PROXY\"."
- exit 1
-fi
+ if ! [[ -z "${PASSWORD}" ]]; then
+ echo "Password ${PASSWORD}" >> /etc/cntlm.conf
+ echo "Password -HIDDEN-"
+ fi
-echo "Listen ${LISTEN}" | tee -a /etc/cntlm.conf
+ if [[ -z "${PROXY}" ]]; then
+ echo "PROXY not defined."
+ exit 1
+ else
+ for i in $(echo ${PROXY} | sed "s/;/ /g")
+ do
+ echo "Proxy ${i}" | tee -a /etc/cntlm.conf
+ done
+ fi
-if [ "${AUTH}" != "UNSET" ] ; then
- echo "Auth ${AUTH}" | tee -a /etc/cntlm.conf
-fi
+ if [[ -z "${NOPROXY}" ]]; then
+ NOPROXY='localhost, 127.0.0.*, 10.*, 192.168.*'
+ fi
-if [ "${PASSLM}" != "UNSET" ] ; then
- echo "PassLM ${PASSLM}" | tee -a /etc/cntlm.conf
-fi
+ echo "NoProxy ${NOPROXY}" | tee -a /etc/cntlm.conf
-if [ "${PASSNT}" != "UNSET" ] ; then
- echo "PassNT ${PASSNT}" | tee -a /etc/cntlm.conf
-fi
+ if [[ -z "${LISTEN}" ]]; then
+ LISTEN='0.0.0.0:3128'
+ fi
-if [ "${PASSNTLMV2}" != "UNSET" ] ; then
- echo "PassNTLMv2 ${PASSNTLMV2}" | tee -a /etc/cntlm.conf
+ echo "Listen ${LISTEN}" | tee -a /etc/cntlm.conf
+
+ if ! [[ -z "${AUTH}" ]]; then
+ echo "Auth ${AUTH}" | tee -a /etc/cntlm.conf
+ fi
+
+ if ! [[ -z "${PASSLM}" ]]; then
+ echo "PassLM ${PASSLM}" | tee -a /etc/cntlm.conf
+ fi
+
+ if ! [[ -z "${PASSNT}" ]]; then
+ echo "PassNT ${PASSNT}" | tee -a /etc/cntlm.conf
+ fi
+
+ if ! [[ -z "${PASSNTLMV2}" ]]; then
+ echo "PassNTLMv2 ${PASSNTLMV2}" | tee -a /etc/cntlm.conf
+ fi
+else
+ # Custom config will be mounted. Skip everything.
+ echo "Custom config will be used. Skipping all custom settings."
 fi
-if [ "${NOPROXY}" != "UNSET" ] ; then
- echo "NoProxy ${NOPROXY}" | tee -a /etc/cntlm.conf
+# first arg is `-H` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+ set -- /usr/sbin/cntlm -c /etc/cntlm.conf "$@"
+else
+ set -- /usr/sbin/cntlm -c /etc/cntlm.conf -f ${OPTIONS}
 fi
-# Start cntlm after all configuration has been written.
-/usr/sbin/cntlm -c /etc/cntlm.conf -f ${OPTIONS}
+exec "$@"
\ No newline at end of file
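Review bot: The `PassLM`, `PassNT` and `PassNTLMv2` branches still pipe the hash through `tee -a`, so it is printed to the container's stdout and lands in `docker logs` and any log collector behind it, although the header comment says passwords are not displayed. cntlm authenticates with these hashes in place of the password, so they should be handled like the `PASSWORD` branch: `echo "PassNTLMv2 ${PASSNTLMV2}" >> /etc/cntlm.conf` followed by `echo "PassNTLMv2 -HIDDEN-"`, and the same for the other two. Because the file holds credentials, a `umask 077` before the first write would also stop /etc/cntlm.conf from being created readable by other users in the container, assuming cntlm reads it as the user that wrote it. The script's first lines are outside the hunk, so the declared shell is not visible; `[[ ... ]]` is not POSIX sh and should be checked against the shebang.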