diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile
index 532d3a5..805203b 100644
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@@ -103,6 +103,9 @@ RUN pip install -e /srv/app/src/ckan && \
 # Remove wheels
 RUN rm -rf /srv/app/wheels
 
+# Create entrypoint directory for children image scripts
+ONBUILD RUN mkdir /docker-entrypoint.d
+
 EXPOSE 5000
 
 HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
diff --git a/rootfs/setup/app/start_ckan.sh b/rootfs/setup/app/start_ckan.sh
index acac999..d0dc6e7 100755
--- a/rootfs/setup/app/start_ckan.sh
+++ b/rootfs/setup/app/start_ckan.sh
@@ -2,13 +2,25 @@
 # Run the prerun script to init CKAN and create the default admin user
 python prerun.py
 
+# Run any startup scripts provided by images extending this one
+if [[ -d "/docker-entrypoint.d" ]]
+then
+    for f in /docker-entrypoint.d/*; do
+        case "$f" in
+            *.sh)     echo "$0: Running init file $f"; . "$f" ;;
+            *.py)     echo "$0: Running init file $f"; python "$f"; echo ;;
+            *)        echo "$0: Ignoring $f (not an sh or py file)" ;;
+        esac
+        echo
+    done
+fi
+
 # Set the common uwsgi options
 UWSGI_OPTS="--socket /tmp/uwsgi.sock --uid 92 --gid 92 --http :5000 --master --enable-threads --paste config:/srv/app/production.ini --lazy-apps --gevent 2000 -p 2 -L"
 
 # Check whether http basic auth password protection is enabled and enable basicauth routing on uwsgi respecfully
 if [ $? -eq 0 ]
 then
-  /bin/sh extra_scripts.sh
   if [ "$PASSWORD_PROTECT" = true ]
   then
     if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]