Skip to content
/ docker-cntlm Public
forked from robertdebock/docker-cntlm

A container to function as a proxy. Other containers can link to this one for their web access.

License

Apache-2.0 license
0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SergeAlexandre/docker-cntlm

BranchesTags
 
 

Repository files navigation

Build Status

docker-cntlm

A container to function as a proxy, based on Cntlm. Other containers can link to this one for their web access. This container authenticates to an external proxy and can be used by other containers without authentication details.

              +- - - - - - -+  +- - - - - - - - -+
              | no password |  | password (hash) |
              +- - - - - - -+  +- - - - - - - - -+
                      |              |
+------------------+  V   +-------+  V   +-----------------+      +----------+
| your workstation | ---> | cntlm | ---> | corporate proxy | ---> | internet |
+------------------+      +-------+      +-----------------+      +----------+

Generating a password hash

A password hash needs te be generated once, after which is can be used when running the proxy.

docker run \
  robertdebock/docker-cntlm \
  /bin/sh -c \
  "echo Password YoUrPaSsWoRd > /etc/cntlm.conf ; \
  /usr/sbin/cntlm -H \
  -u username \
  -d mydomain"

Replace:

  • YoUrPaSsWoRd for your own password.
  • username for your own username.
  • mydomain for you own domain.

You'll seen output like this:

    Password: 
    PassLM          1AD35398BE6565DDB5C4EF70C0593492
    PassNT          77B9081511704EE852F94227CF48A793
    PassNTLMv2      640937B847F8C6439D87155508FA8479    # Only for user 'username', domain 'mydomain'

Running the proxy

To run the proxy:

  • you'll need the PASSNTLMV2 hash generated in the step before.
  • you'll also need the proxy to send traffic to.

This is an example of how to run this container.

docker run \
  -e "USERNAME=username" \
  -e "DOMAIN=mydomain" \
  -e "PASSNTLMV2=640937B847F8C6439D87155508FA8479" \
  -e "PROXY=123.123.123.123:8080" \
  robertdebock/docker-cntlm

Other settings you might want to use are:

Variable Description
LISTEN The IP/hostname and port (separated by a colon) to listen to. I.e. "127.0.0.1:8080"
PASSNTLMV2 Required for auth method Auth NTLMv2.
AUTH Auth parameter.
PASSNT Required for auth method Auth NTLM2SR, Auth NT and Auth NTLM.
PASSLM Required for auth method Auth LM and Auth NTLM.
OPTIONS Optional variable to enable cntlm features. I.e. for debugging: "-v".

Find technical details here.

Using in Docker Compose

You can use this container quite well in a docker-compose. Docker compose can simply be used to run as a stand-alone proxy. In that case the docker-compose.yml simply saves all variable, and can be started by running:

docker-compose up

You can also add the cntlm service in a set of other containers, and let (outgoing) traffic from you application go through the cntlm proxy.

About

A container to function as a proxy. Other containers can link to this one for their web access.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 60.1%
  • Dockerfile 39.9%