cntlm proxy and docker

It can be troublesome to use Linux and Docker from within a Windows-based IT infrastructure. To achieve this, I did the following:

Get the user name

user=`getent passwd 1000 | cut -d ':' -f1`

Get the Docker interface IP address

docker0=`ip addr show docker0 | grep inet | head -n1 | awk '{print $2}' | cut -d '/' -f1`

Install cntlm

apt-get update
apt-get install -y cntlm

Edit /etc/cntlm.conf

sudo vi /etc/cntlm.conf

Domain xxx.xxx.com # Change to your domain

Proxy xx.xx.xx.xx:xx # Change to your proxy server ip:port

# List all local IP address ranges that do not need to go through the proxy
NoProxy localhost,127.0.0.*,10.*,192.168.*,169.254.*,172.17.42.*

Listen 3128
Listen ##DOCKER##:3128

Allow 127.0.0.1/8
Allow ##DOCKER##/16

Replace ##DOCKER## with the Docker interface IP address

sudo sed -ri "s/##DOCKER##/$docker0/g" /etc/cntlm.conf

Add proxy environment variables to /etc/environment and /etc/bash.bashrc

http_proxy="http://localhost:3128"
https_proxy="http://localhost:3128"
ftp_proxy="http://localhost:3128"
HTTP_PROXY="http://localhost:3128"
HTTPS_PROXY="http://localhost:3128"
FTP_PROXY="http://localhost:3128"

Create the apt configuration file 99fixbadproxy

mkdir -p /etc/apt/apt.conf.d/
echo "Acquire::http::Pipeline-Depth 0;" > /etc/apt/apt.conf.d/99fixbadproxy
echo "Acquire::http::No-Cache true;" >> /etc/apt/apt.conf.d/99fixbadproxy
echo "Acquire::BrokenProxy true;" >> /etc/apt/apt.conf.d/99fixbadproxy

Get and install the Zscaler root certificate

wget --no-proxy --no-check-certificate https://sites.google.com/a/stokes.k12.nc.us/z-scaler/zs-certs/ZscalerRootCertificate-2048-SHA256.crt -O /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt
update-ca-certificates
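
The wget call above uses --no-check-certificate, so nothing authenticates the file before it becomes a trusted root. The following added example (not part of the original post) copies the certificate into the trust store only if its SHA-256 fingerprint matches a value obtained out-of-band, for example from your IT department; the function names, the staging path and the EXPECTED placeholder are assumptions.

```bash
# Added example, not from the original post. Function names are hypothetical.

# Print the SHA-256 fingerprint (lowercase hex) of a certificate's DER bytes.
# Accepts a PEM file (base64 between BEGIN/END lines) or a raw DER file.
cert_sha256() {
    local file="$1"
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        # Decode only the first certificate in the file.
        sed -n -e '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
               -e '/-----END CERTIFICATE-----/q' "$file" \
            | grep -v -- '-----' | tr -d ' \r\n' | base64 -d \
            | sha256sum | cut -d ' ' -f1
    else
        sha256sum < "$file" | cut -d ' ' -f1
    fi
}

# Copy FILE into DEST_DIR only if its fingerprint equals EXPECTED.
# EXPECTED may be written "AB:CD:..." or "abcd..."; both are normalised.
# Returns 0 on install, 1 on mismatch, 2 if the file could not be read.
install_ca_if_trusted() {
    local file="$1" expected="$2"
    local dest_dir="${3:-/usr/local/share/ca-certificates}"
    local want got
    want=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(cert_sha256 "$file") || return 2
    # A SHA-256 value is 64 hex digits; reject empty or truncated input.
    if [ ${#want} -ne 64 ] || [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $file: got $got" >&2
        return 1
    fi
    install -m 0644 "$file" "$dest_dir/$(basename "$file")"
}

# Usage: download to a staging path first (assumed here: /tmp), then
#   install_ca_if_trusted /tmp/ZscalerRootCertificate-2048-SHA256.crt \
#       "$EXPECTED" && update-ca-certificates
# EXPECTED is a placeholder for the fingerprint supplied by your organisation.
```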

Restart cntlm

sudo service cntlm restart