Skip to content

corrydiehl/docker-cntlm

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 

Repository files navigation

This fork of btrepp/docker-cntlm implements the configuration necessary to secure your proxy by explicity allowing/denying ip addresses or ranges of ip addresses. Please see the comments in cntlm_start.sh for details. Thanks to btrepp for creating this initial image!

Cntlm Docker

This is a simple dockerfile that wraps up cntlm into debian. It will set up a open proxy, that uses NTLMv2 to authenticate upstream. The main use case is to get a simple proxy setup that plays nice with windows networks.

Ideally you can use this with redsocks+iptables, to make docker images think they have direct access, but the connections are actually tunneled through.

container->redsocks->ctnlm->upstream

Usage

Simple usage is

docker run --rm -p 3128:3128 btrepp/cntlm user.name domain NTVLMv2Hash upstream_proxy:port

This will create an unathenticated proxy on the host running at 3128

NTLMv2 Hash

By default I've only set this up to accept Hashed passwords. cntlm supports actual passwords, but that is left up to you to figure out. A script exists in the images that will help you get the hash

docker run --rm -t -i --entrypoint="get_ntlm.sh" btrepp/cntlm user.name@domain upstream_proxy:port

This will ask you for your password and attempt to use the upstream proxy to get to docker.io. If it succeeds it will print a PassNTLMv2 line, use this hash above when launching the container.

Contributing

This was a quick hack to get together as nothing currently existed on the registry. Feel free to fork it and send pull requests

About

Cntlm image for docker - now with security

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%