Add entrypoint script and configure Dockerfile for Azurite with Caddy support
This commit is contained in:
11
Dockerfile
11
Dockerfile
@@ -23,4 +23,15 @@ COPY --from=build /app/azurite/dist/src ./azurite/src
|
|||||||
WORKDIR /app/azurite
|
WORKDIR /app/azurite
|
||||||
RUN npm pkg set scripts.prepare="echo no-prepare"
|
RUN npm pkg set scripts.prepare="echo no-prepare"
|
||||||
RUN npm ci --omit=dev --unsafe-perm
|
RUN npm ci --omit=dev --unsafe-perm
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
COPY ./entrypoint.sh .
|
||||||
|
RUN chmod +x entrypoint.sh
|
||||||
|
|
||||||
|
EXPOSE 443
|
||||||
|
EXPOSE 10000
|
||||||
|
EXPOSE 10001
|
||||||
|
EXPOSE 10002
|
||||||
|
|
||||||
|
ENTRYPOINT [ "/app/entrypoint.sh" ]
|
||||||
|
CMD [ "ash" ]
|
||||||
|
|||||||
76
entrypoint.sh
Normal file
76
entrypoint.sh
Normal file
@@ -0,0 +1,76 @@
|
|||||||
|
#!/bin/ash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
function check_ssl_files() {
|
||||||
|
if [[ ! -f "$AZURITE_DIR/server_key.pem" || ! -f "$AZURITE_DIR/server_cert.pem" ]]; then
|
||||||
|
echo "SSL enabled but server_key.pem or server_cert.pem not found in $AZURITE_DIR. Please provide these files for SSL support."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# We are running as root inside a container.
|
||||||
|
AZURITE_DIR="/storage"
|
||||||
|
AZURITE_ACCOUNTS_FILE="$AZURITE_DIR/accounts.env"
|
||||||
|
|
||||||
|
if [[ ! -f "$AZURITE_ACCOUNTS_FILE" ]]; then
|
||||||
|
echo "No accounts found. Provide $AZURITE_ACCOUNTS_FILE."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -a
|
||||||
|
. $AZURITE_ACCOUNTS_FILE
|
||||||
|
set +a
|
||||||
|
|
||||||
|
CADDY=true
|
||||||
|
AZURITE_SSL=""
|
||||||
|
CERT_ARGS=()
|
||||||
|
BLOB_ARGS=()
|
||||||
|
OAUTH_ARGS=()
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case "$1" in
|
||||||
|
--oauth)
|
||||||
|
OAUTH_ARGS=("--oauth" "basic")
|
||||||
|
CADDY="" # Ensure OAuth is disabled when using Caddy, as Azurite does not support OAuth in reverse proxy mode.
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--ssl)
|
||||||
|
check_ssl_files
|
||||||
|
AZURITE_SSL=true
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--no-caddy)
|
||||||
|
CADDY=""
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unknown argument: $1"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ -n "$CADDY" ]]; then
|
||||||
|
# If using Caddy, it will reverse proxy blob, queue, and table endpoints to different ports on localhost,
|
||||||
|
# allowing simultaneous access to all services on a single HTTPS port.
|
||||||
|
check_ssl_files # Ensure SSL files are present when using Caddy, as Caddy will handle SSL termination.
|
||||||
|
echo "Starting Caddy server..."
|
||||||
|
caddy start --config Caddyfile # Use start not run, start does not block the shell process.
|
||||||
|
else
|
||||||
|
# If not using Caddy, configure Azurite to listen on all interfaces and use the generated self-signed certificate.
|
||||||
|
# This mode does not require Caddy, but it will not allow simultaneous access to the table and queue services on the same HTTPS port.
|
||||||
|
if [[ -n "$AZURITE_SSL" ]]; then
|
||||||
|
BLOB_ARGS=("--blobHost" "0.0.0.0" "--blobPort" "443")
|
||||||
|
CERT_ARGS=("--key" "$AZURITE_DIR/server_key.pem" "--cert" "$AZURITE_DIR/server_cert.pem")
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
azurite \
|
||||||
|
--disableTelemetry \
|
||||||
|
--location "$AZURITE_DIR" \
|
||||||
|
"${CERT_ARGS[@]}" \
|
||||||
|
"${BLOB_ARGS[@]}" \
|
||||||
|
"${OAUTH_ARGS[@]}"
|
||||||
|
|
||||||
|
exec "$@"
|
||||||
Reference in New Issue
Block a user