Closed paulo-dc closed 2 years ago
Seems like it's currently hardcoded:
https://github.com/samuong/alpaca/blob/master/main.go#L94
But shouldn't be too hard to make it a flag, not sure of the broader implications to the system however
It is possible, but I would like to avoid it if we can. The reason is that alpaca authenticates to the upstream proxy on your behalf, so having it listen for external connections would allow other hosts to make use of your proxy credentials. Ideally we'd just open this up to the docker container, and not to other hosts on the local network.
A few options come to mind:
[sam@sam-desktop alpaca]$ ip addr show docker0
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:2c:d4:75:3f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:2cff:fed4:753f/64 scope link
valid_lft forever preferred_lft forever
[sam@sam-desktop alpaca]$ git diff
diff --git a/main.go b/main.go
index b1d63c4..a0b75ef 100644
--- a/main.go
+++ b/main.go
@@ -99,7 +99,7 @@ func createServer(port int, pacurl string, a *authenticator) *http.Server {
return &http.Server{
// Set the addr to localhost so that we only listen locally.
- Addr: fmt.Sprintf("localhost:%d", port),
+ Addr: fmt.Sprintf("172.17.0.1:%d", port),
Handler: handler,
// TODO: Implement HTTP/2 support. In the meantime, set TLSNextProto to a non-nil
// value to disable HTTP/2.
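Review bot: the new Addr line hardcodes 172.17.0.1, which is the docker0 address on this one host, so the server will fail to bind wherever the bridge is absent or numbered differently, and the comment directly above it ("Set the addr to localhost so that we only listen locally") no longer describes the code. Since createServer is handed an *authenticator, anything that can reach Addr gets authenticated proxying; pass the listen host in as a parameter that defaults to localhost instead of editing the literal, and update the comment to state who is expected to reach that address.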
Then you can access this from within the container (but not from other hosts on the local network):
[sam@sam-desktop alpaca]$ docker run -it golang
root@57e5b4b8d55d:/go# curl -x http://172.17.0.1:3128 google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
It would be great to have an option on the command line to choose which interface to listen on, something like this:
$ alpaca -i 127.0.0.1 # listen only on localhost (this is the default)
$ alpaca -i 172.17.0.1 # listen only on docker0
$ alpaca -i 0.0.0.0 # listen on all interfaces
I just tried on my Mac, and I can do this inside a container:
https_proxy=http://host.docker.internal:3128 curl google.com
Not sure if this works with WSL2, @paulo-dc is this something you can try and let me know?
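A sketch of how the `-i` option proposed above could be validated and turned into a listen address, added here as an example; it is not code from this thread or from alpaca. The function name `listenAddr` and the exposure labels are hypothetical, and it goes slightly beyond the thread by also handling IPv6 literals.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// listenAddr (hypothetical helper) turns the value of a -i style option and a
// port into a string suitable for http.Server.Addr, and reports how widely the
// resulting listener, and so the proxy credentials behind it, is reachable.
func listenAddr(iface string, port int) (addr, exposure string, err error) {
	ip := net.ParseIP(iface)
	if ip == nil {
		// Reject interface names and hostnames: a name that resolves
		// differently later would silently change where the proxy listens.
		return "", "", fmt.Errorf("invalid listen address %q: want an IP literal", iface)
	}
	if port < 1 || port > 65535 {
		return "", "", fmt.Errorf("invalid port %d", port)
	}
	switch {
	case ip.IsLoopback():
		exposure = "loopback" // only processes on this host
	case ip.IsUnspecified():
		exposure = "all-interfaces" // 0.0.0.0 or ::, every network the host is on
	default:
		exposure = "single-interface" // e.g. docker0: peers on that network only
	}
	// JoinHostPort brackets IPv6 literals; fmt.Sprintf("%s:%d") would not.
	return net.JoinHostPort(ip.String(), strconv.Itoa(port)), exposure, nil
}

func main() {
	// Constructed sample inputs: the three addresses from the proposal,
	// an IPv6 loopback, and an interface name that must be rejected.
	for _, i := range []string{"127.0.0.1", "172.17.0.1", "0.0.0.0", "::1", "docker0"} {
		addr, exposure, err := listenAddr(i, 3128)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-16s %s\n", addr, exposure)
	}
}
```

A caller can log the exposure label at startup, or require an explicit confirmation flag before accepting `all-interfaces`.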
Hi @samuong!
Sorry for my late response (was on holidays). The test you asked me does not work on my WSL2.
But I downloaded the last release of alpaca, and that made my day! Works just perfectly! Like a charm!
With the option to listen on a dedicated interface I can use it now from my containers. And I am not afraid about security, as my FW prevents other computers from using my services.
Many thx!! Alpaca is really a great tool!
Hi,
Alpaca is a great tool, and easily replaces cntlm on my computer due to its ability to support proxypac.
Unfortunately I'm facing one issue: I use docker inside wsl2, and because of the fact that alpaca only listens on the localhost interface, I can't use it from a container :(
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 111/alpaca
Is there a way to make alpaca listen on all interfaces (0.0.0.0)?
BR