#!/bin/ash set -e function check_ssl_files() { if [[ ! -f "$AZURITE_DIR/server_key.pem" || ! -f "$AZURITE_DIR/server_cert.pem" ]]; then echo "SSL enabled but server_key.pem or server_cert.pem not found in $AZURITE_DIR. Please provide these files for SSL support." exit 1 fi } # We are running as root inside a container. AZURITE_DIR="/storage" AZURITE_ACCOUNTS_FILE="$AZURITE_DIR/accounts.env" if [[ ! -f "$AZURITE_ACCOUNTS_FILE" ]]; then echo "No accounts found. Provide $AZURITE_ACCOUNTS_FILE." exit 1 fi set -a . $AZURITE_ACCOUNTS_FILE set +a CADDY=true AZURITE_SSL="" CERT_ARGS=() BLOB_ARGS=() OAUTH_ARGS=() while [[ $# -gt 0 ]]; do case "$1" in --oauth) OAUTH_ARGS=("--oauth" "basic") CADDY="" # Ensure OAuth is disabled when using Caddy, as Azurite does not support OAuth in reverse proxy mode. shift ;; --ssl) check_ssl_files AZURITE_SSL=true shift ;; --no-caddy) CADDY="" shift ;; *) echo "Unknown argument: $1" exit 1 ;; esac done if [[ -n "$CADDY" ]]; then # If using Caddy, it will reverse proxy blob, queue, and table endpoints to different ports on localhost, # allowing simultaneous access to all services on a single HTTPS port. check_ssl_files # Ensure SSL files are present when using Caddy, as Caddy will handle SSL termination. echo "Starting Caddy server..." caddy start --config Caddyfile # Use start not run, start does not block the shell process. else # If not using Caddy, configure Azurite to listen on all interfaces and use the generated self-signed certificate. # This mode does not require Caddy, but it will not allow simultaneous access to the table and queue services on the same HTTPS port. if [[ -n "$AZURITE_SSL" ]]; then BLOB_ARGS=("--blobHost" "0.0.0.0" "--blobPort" "443") CERT_ARGS=("--key" "$AZURITE_DIR/server_key.pem" "--cert" "$AZURITE_DIR/server_cert.pem") fi fi azurite \ --disableTelemetry \ --location "$AZURITE_DIR" \ "${CERT_ARGS[@]}" \ "${BLOB_ARGS[@]}" \ "${OAUTH_ARGS[@]}" exec "$@"