NginxProxyManager
nginx-ntlm-module module support
This PR adds https://github.com/gabihodoroaga/nginx-ntlm-module to the openresty build to address the following long-standing issues by implementing basic support for NTLM based single-sign-on proxying using nginx proxy manager:
https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1117 https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1138 https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2037 https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3181 https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3797
In practice, the following steps are then required to get NTLM authentication successful running with NPM:
- add the following section to the
/data/nginx/custom/root_top.conffile to load the module:
load_module /usr/lib/nginx/modules/ngx_http_upstream_ntlm_module.so;
- add the following to the
/data/nginx/custom/http.conffile to define the NTLM aware upstream target:
upstream target {
server 192.168.1.1:443;
ntlm;
}
- add the following to the proxy configuration in the
Advancedtab:
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass https://target;
}
Then, the NTLM authentication should proceed and work nicely.
P.S.:
As a side note for users which cannot wait until a new nginx proxy manager version with this integrated NTLM module is out, one can also simply compile it using the docker-nginx-full repository and the local-build.sh script, then extract the ngx_http_upstream_ntlm_module.so file and put it into e.g. the /data/nginx/modules path and simply use the following load_module call in step 1 instead:
load_module /data/nginx/modules/ngx_http_upstream_ntlm_module.so;
@jc21 Any chance to get this PR integrated anytime soon so that the mentioned tickets/issues can be closed and NTLM authentication support directly integrated in NGINX proxy manager?
@jens-maus I tried to follow the description in the bottom if I cannot wait, however I get an error about invalid ELF header and Nginx Proxy Manager UI will not start.
From /var/log/nginx/error.log:
2024/12/29 16:31:06 [emerg] 395#395: dlopen() "/data/nginx/modules/ngx_http_upstream_ntlm_module.so" failed (/data/nginx/modules/ngx_http_upstream_ntlm_module.so: invalid ELF header) in /data/nginx/custom/root_top.conf:1
I copied ngx_http_upstream_ntlm_module.so from the docker-nginx-full container image to /data/nginx/modules in the nginx proxy manager container image and both containers show the same Linux version running uname -a but still invalid ELF header:
Linux 272e1058f7ec 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 GNU/Linux
Linux ddbf4866c671 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 GNU/Linux
I tried the binary from @DragonSMART and it is for sure ELF file, however I then get another error message from /var/log/nginx/error.log
2024/12/29 19:31:39 [emerg] 384#384: module "/data/nginx/modules/ngx_http_upstream_ntlm_module.so" version 1021004 instead of 1025003 in /data/nginx/custom/root_top.conf:1
Any insights how to extract the ngx_http_upstream_ntlm_module.so for immediate as it looks like no one is going to accept this merge request in a timely fashion...
Edit1: Switching from image: jc21/nginx-proxy-manager:latest to image: jc21/nginx-proxy-manager:2.10.4 was compatible with binary from @DragonSMART so moving forward with this, thanks
Edit2: Even if no errors when adding load_module /data/nginx/modules/ngx_http_upstream_ntlm_module.so; in file /data/nginx/custom/http.conf I get unknown directive "ntlm" error from /var/log/nginx/error.log
2024/12/29 22:22:00 [emerg] 398#398: unknown directive "ntlm" in /data/nginx/custom/http.conf:3
I'm listing loaded nginx modules, ntlm not mentioned:
# nginx -V 2>&1 | tr -- - '\n' | grep _module
http_addition_module
http_auth_request_module
http_dav_module
http_flv_module
http_gunzip_module
http_gzip_static_module
http_mp4_module
http_random_index_module
http_realip_module
http_secure_link_module
http_slice_module
http_ssl_module
http_stub_status_module
http_sub_module
http_v2_module
mail_ssl_module
stream_realip_module
stream_ssl_module
stream_ssl_preread_module
Any ideas?
Hello, i have compiled a fork of Nginx Proxy Manager with GeoIP and NTLM. Feel free to use this. Source is on github, only amd64 platform. Feel free to fork my repos if you want to compile for arm
https://github.com/greetoz/nginx-proxy-manager
https://hub.docker.com/r/greetoz/npm-ntlm
Thanks! But better would be @jc21 would finally start to integrate different still open pull requests like this one throughout his different nginx proxy manager repos so that such published yet-another-npm-forks won't be necessary anymore. Or if he lacks the time, to open nginx proxy manager development to a trusted community around NPM.
Thanks! But better would be @jc21 would finally start to integrate different still open pull requests like this one throughout his different nginx proxy manager repos so that such published yet-another-npm-forks won't be necessary anymore. Or if he lacks the time, to open nginx proxy manager development to a trusted community around NPM.
I agree, but i have not found a precompiled working version of NPM with the NTLM, so i went ahead and created one for my own use, just sharing for others to use as they see fit.
I'll keep it up to date with new versions of NPM ;-).
Hello, i have compiled a fork of Nginx Proxy Manager with GeoIP and NTLM. Feel free to use this. Source is on github, only amd64 platform. Feel free to fork my repos if you want to compile for arm
https://github.com/greetoz/nginx-proxy-manager
https://hub.docker.com/r/greetoz/npm-ntlm
Should i edit http.conf and root_top.conf as described above or NTLM in your fork works without any config's changes?
I was hoping this could be pushed forward...what are people using as a solution for this?
