diff --git a/entrypoint.sh b/entrypoint.sh
index 70e41a3..89a2e63 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -107,7 +107,7 @@ while [[ $# -gt 0 ]]; do
             shift
             ;;
         --no-caddy)
-            # Disable Caddy on request.
+            # Disable Caddy, but do not enable SSL for Azurite.
             CADDY=""
             shift
             ;;
@@ -146,9 +146,9 @@ else
   fi
 fi
 
+# Start Azurite with the appropriate arguments based on the configuration.
 exec node /app/azurite/src/azurite.js \
     --disableTelemetry \
     --location "$AZURITE_DIR" \
     --blobHost 0.0.0.0 --queueHost 0.0.0.0 --tableHost 0.0.0.0 \
-    --blobPort 10010 --queuePort 10011 --tablePort 10012 \
     "${CERT_ARGS[@]}" "${OAUTH_ARGS[@]}"
diff --git a/run.sh b/run.sh
index 728b155..d9ec32a 100755
--- a/run.sh
+++ b/run.sh
@@ -1,43 +1,47 @@
 #!/usr/bin/env bash
 
-function expose_caddy() {
-    # Expose Caddy on port 443 and forward to Azurite's blob service on port 10010
-    EXPOSED_PORTS=("-p" "443:443")
-}
+# By default Caddy exposes the SSL termination endpoint and
+# uses DNS name to determine which service to route to.
+EXPOSED_PORTS=("-p" "443:443")
 
-function expose_azurite() {
-    # Expose Azurite's blob, queue, and table services on ports 10010, 10011, and 10012 respectively
-    EXPOSED_PORTS=("-p" "10000:10010" "-p" "10001:10011" "-p" "10002:10012")
-}
-
-function expose_azurite_ssl() {
-    # Expose Azurite's blob service on port 443 with SSL, and queue and table services on ports 10011 and 10012 respectively
-    EXPOSED_PORTS=("-p" "443:10010")
-}
-
-expose_caddy
+CONTAINER_ARGS=()
 
 while [[ $# -gt 0 ]]; do
     case "$1" in
         --oauth)
-            expose_azurite_ssl
-            shift
+            # OAuth support 
+            case "$2" in
+                blob)
+                    EXPOSED_PORTS=("-p" "443:10000")
+                    ;;
+                queue)
+                    EXPOSED_PORTS=("-p" "443:10001")
+                    ;;
+                table)
+                    EXPOSED_PORTS=("-p" "443:10002")
+                    ;;
+                *)
+                    echo "Error: --oauth must be followed by 'blob', 'queue', or 'table'." >&2
+                    exit 1
+                    ;;
+            esac
+            CONTAINER_ARGS+=("--oauth")
+            shift 2
             ;;
-        --ssl)
-            expose_azurite_ssl
-            shift
-            ;;
-        --no-caddy)
-            expose_azurite
+        --ssl|--no-caddy)
+            CONTAINER_ARGS+=("$1")
+            EXPOSED_PORTS=("-p" "10000:10000" "-p" "10001:10001" "-p" "10002:10002")
             shift
             ;;
     esac
 done
 
+echo "Using exposed ports: ${EXPOSED_PORTS[*]}"
+
 if command -v dockerd &> /dev/null; then
-    docker run --rm -it --name azurite --env-file accounts.env "${EXPOSED_PORTS[@]}" -v ./storage:/storage azurite:latest "$@"
+    docker run --rm -it --name azurite --env-file accounts.env "${EXPOSED_PORTS[@]}" -v ./storage:/storage azurite:latest "${CONTAINER_ARGS[@]}"
 elif command -v container &> /dev/null; then
-    container run --rm -it --name azurite --env-file accounts.env "${EXPOSED_PORTS[@]}" --mount type=bind,source=./storage,target=/storage azurite:latest "$@"
+    container run --rm -it --name azurite --env-file accounts.env "${EXPOSED_PORTS[@]}" --mount type=bind,source=./storage,target=/storage azurite:latest "${CONTAINER_ARGS[@]}"
 else
     echo "Neither supported container runtime found." >&2
     exit 1