update: streamlined run-server.sh with entrypoint.sh.

2026-02-27 22:41:55 +01:00
parent f336039cd8
commit 8be0eb7d90
5 changed files with 170 additions and 110 deletions
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,69 +2,8 @@

 set -e

-function make_ca() {
-    # Use the provided directory argument or default to AZURITE_DIR if not provided
-    local CERT_DIR="${1:-$AZURITE_DIR}"
-
-    if [[ ! -d "$CERT_DIR" ]]; then
-        echo "ERROR: Certificate directory $CERT_DIR does not exist."
-        return 1
-    fi
-
-    # Generate CA certificate and key if they don't exist
-    if [[ ! -f "$CERT_DIR/ca_cert.pem" || ! -f "$CERT_DIR/ca_key.pem" ]]; then
-        echo "Generating CA certificate and key..."
-        if ! openssl req \
-            -x509 \
-            -newkey rsa:4096 \
-            -keyout "$CERT_DIR/ca_key.pem" \
-            -out "$CERT_DIR/ca_cert.pem" \
-            -days 3650 \
-            -nodes \
-            -subj "/CN=Azurite CA" \
-            -text \
-            -addext "basicConstraints=critical,CA:TRUE,pathlen:0"; then
-            echo "Error: Failed to generate CA certificate and key." >&2
-            return 1
-        fi
-    fi
-}
-
-function make_server_cert() {
-    local ACCOUNT_NAME="${1:-devstoreaccount1}"
-    local CERT_DIR="${2:-$AZURITE_DIR}"
-
-    if [[ ! -d "$CERT_DIR" ]]; then
-        echo "ERROR: Certificate directory $CERT_DIR does not exist."
-        return 1
-    fi
-
-    # Generate server certificate and key if they don't exist
-    if [[ ! -f "$CERT_DIR/${ACCOUNT_NAME}_cert.pem" || ! -f "$CERT_DIR/${ACCOUNT_NAME}_key.pem" ]]; then
-        echo "Generating server certificate and key..."
-        if ! openssl req \
-            -newkey rsa:4096 \
-            -keyout "$CERT_DIR/${ACCOUNT_NAME}_key.pem" \
-            -nodes \
-            -subj "/CN=${ACCOUNT_NAME}.blob.core.windows.net" \
-            -addext "basicConstraints=critical,CA:FALSE" \
-            -addext "keyUsage=digitalSignature,keyEncipherment" \
-            -addext "extendedKeyUsage=serverAuth,clientAuth" \
-            -addext "subjectAltName=DNS:${ACCOUNT_NAME}.blob.core.windows.net,DNS:${ACCOUNT_NAME}.queue.core.windows.net,DNS:${ACCOUNT_NAME}.table.core.windows.net,DNS:localhost,IP:127.0.0.1" \
-        | openssl x509 \
-            -req \
-            -CA "$CERT_DIR/ca_cert.pem" \
-            -CAkey "$CERT_DIR/ca_key.pem" \
-            -set_serial "0x$(openssl rand -hex 16)" \
-            -copy_extensions copyall \
-            -days 365 \
-            -text \
-            -out "$CERT_DIR/${ACCOUNT_NAME}_cert.pem"; then
-            echo "Error: Failed to generate server certificate and key." >&2
-            exit 1
-        fi
-    fi
-}
+# Include certificate generation functions.
+. /app/cert-functions.sh

 # Setup default storage location, account name and accounts file path.
 AZURITE_DIR="/storage"
@@ -139,11 +78,11 @@ if [[ -n "$CADDY" ]]; then
    echo "Starting Caddy server..."
    caddy start --config "$AZURITE_DIR/Caddyfile" # Use start not run, start does not block the shell process.
 else
-  # If not using Caddy, configure Azurite to listen on all interfaces and use the generated self-signed certificate.
-  # This mode does not require Caddy, but it will not allow simultaneous access to the table and queue services on the same HTTPS port.
-  if [[ -n "$AZURITE_SSL" ]]; then
-    CERT_ARGS=("--key" "$AZURITE_DIR/${ACCOUNT_NAME}_key.pem" "--cert" "$AZURITE_DIR/${ACCOUNT_NAME}_cert.pem")
-  fi
+    # If not using Caddy, configure Azurite to listen on all interfaces and use the generated self-signed certificate.
+    # This mode does not require Caddy, but it will not allow simultaneous access to the table and queue services on the same HTTPS port.
+    if [[ -n "$AZURITE_SSL" ]]; then
+        CERT_ARGS=("--key" "$AZURITE_DIR/${ACCOUNT_NAME}_key.pem" "--cert" "$AZURITE_DIR/${ACCOUNT_NAME}_cert.pem")
+    fi
 fi

 # Start Azurite with the appropriate arguments based on the configuration.