#!/usr/bin/env bash SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # Include certificate generation functions. . "$SCRIPT_DIR/cert-functions.sh" AZURITE_DIR="$SCRIPT_DIR/storage" if [[ ! -d "$AZURITE_DIR" ]]; then echo "No accounts found" exit 0 fi if [[ -f "$SCRIPT_DIR/accounts.env" ]]; then set -a . "$SCRIPT_DIR/accounts.env" set +a fi # Look up the account name from the AZURITE_ACCOUNTS variable, which is in the format "accountName:accountKey1:accountKey2;accountName2:accountKey1:accountKey2" ACCOUNT_NAME=$(echo "$AZURITE_ACCOUNTS" | cut -f 1 -d ';' | cut -f 1 -d ':') # Ensure /etc/hosts contains an entry the Azure endpoint names, # so Caddy can route requests to the correct service based on the hostname. if ! grep -qE "${ACCOUNT_NAME}\.blob\.core\.windows\.net" /etc/hosts || ! grep -qE "${ACCOUNT_NAME}\.queue\.core\.windows\.net" /etc/hosts || ! grep -qE "${ACCOUNT_NAME}\.table\.core\.windows\.net" /etc/hosts; then echo "ERROR: /etc/hosts does not contain entries for the Azure endpoints. Please ensure the following line is present in /etc/hosts:" echo -e "\n127.0.0.1\t${ACCOUNT_NAME}.blob.core.windows.net ${ACCOUNT_NAME}.queue.core.windows.net ${ACCOUNT_NAME}.table.core.windows.net" exit 1 fi if ! command -v azurite &> /dev/null; then echo "Azurite is not installed. Please install it with 'npm install -g azurite'" exit 1 fi if command -v caddy &> /dev/null; then CADDY=true else CADDY="" fi AZURITE_SSL="" CERT_ARGS=() OAUTH_ARGS=() PORTS_ARGS=("--blobPort" "10000" "--queuePort" "10001" "--tablePort" "10002") while [[ $# -gt 0 ]]; do case "$1" in --oauth) case "$2" in blob) PORTS_ARGS=("--blobPort" "443" "--queuePort" "10001" "--tablePort" "10002") ;; queue) PORTS_ARGS=("--blobPort" "10000" "--queuePort" "443" "--tablePort" "10002") ;; table) PORTS_ARGS=("--blobPort" "10000" "--queuePort" "10001" "--tablePort" "443") ;; *) echo "Error: --oauth must be followed by 'blob', 'queue', or 'table'." >&2 exit 1 ;; esac OAUTH_ARGS=("--oauth" "basic") # Ensure Caddy is disabled when using OAuth, as Azurite does not support OAuth behind a reverse proxy. CADDY="" AZURITE_SSL=true shift 2 ;; --ssl) AZURITE_SSL=true # Ensure Caddy is disabled when using Azurite's built-in SSL support. CADDY="" shift ;; --no-caddy) # Disable Caddy, but do not enable SSL for Azurite. CADDY="" shift ;; *) echo "Unknown argument: $1" exit 1 ;; esac done # Ensure certificates are generated before starting Azurite or Caddy. if [[ -n "$AZURITE_SSL" || -n "$CADDY" ]]; then if ! make_ca "$AZURITE_DIR"; then echo "Error: Failed to create CA certificate and key." >&2 exit 1 fi if ! make_server_cert "$ACCOUNT_NAME" "$AZURITE_DIR"; then echo "Error: Failed to create server certificate and key." >&2 exit 1 fi fi if [[ -n "$CADDY" ]]; then # If using Caddy, it will reverse proxy blob, queue, and table endpoints to different ports on localhost, # allowing simultaneous access to all services on a single HTTPS port. # Generate a Caddyfile configuration based on the account name and storage directory. sed -E "s/__ACCOUNT_NAME__/${ACCOUNT_NAME}/g; s|__AZURITE_DIR__|${AZURITE_DIR}|g" "$SCRIPT_DIR/Caddyfile.example" > "$AZURITE_DIR/Caddyfile" echo "Starting Caddy server..." caddy start --config "$AZURITE_DIR/Caddyfile" # Use start not run, start does not block the shell process. trap "echo 'Stopping Caddy server...'; caddy stop" EXIT INT TERM HUP KILL STOP CERT_ARGS=() OAUTH_ARGS=() # Ensure OAuth is disabled when using Caddy, as Azurite does not support OAuth in reverse proxy mode. else # If not using Caddy, configure Azurite to listen on all interfaces and use the generated self-signed certificate. # This mode does not require Caddy, but it will not allow simultaneous access to the table and queue services on the same HTTPS port. CERT_ARGS=("--key" "$AZURITE_DIR/server_key.pem" "--cert" "$AZURITE_DIR/server_cert.pem") fi azurite \ --disableTelemetry \ --location "$AZURITE_DIR" \ --blobHost 127.0.0.1 --queueHost 127.0.0.1 --tableHost 127.0.0.1 \ "${PORTS_ARGS[@]}" "${CERT_ARGS[@]}" "${OAUTH_ARGS[@]}"