Install Openssl In Docker Container

/ Comments off
  1. Install Openssl In Docker Container Model
  2. Install Openssl In Docker Container Design
  3. Install Ssl On Docker Container
  4. Install Ssl Certificate In Docker Container
  5. Install Openssl In Docker Container

Go implementation of IPFS, the InterPlanetary FileSystem. Pulls 10M+ Overview Tags. IPFS is a global, versioned, peer-to-peer filesystem. Since one of the goals of using Docker is to avoid cluttering the local machine as much as possible, we'll use a container to install OpenSSL and generate the certificate. Nginx's is a logical choice for this – being our proxy, it will be the one receiving the encrypted traffic on port 443, before redirecting it to the right container. First, check to see if openssl is already installed: openssl version. If it returns a version, then you should be good to go. If it does not you can install it with: sudo apt install openssl. Next, we should install docker and docker-compose: sudo apt install docker-compose -y. The remaining share of the docker container is the base conda and the base Ubuntu installation. Distroless container As conda environments are not only Python environments but actually include all dependencies of any language, they need neither the Ubuntu distribution nor the conda installation to run the code.

Containers enable you to run several features of the Translator service in your own environment. Containers are great for specific security and data governance requirements. In this article you'll learn how to download, install, and run a Translator container.

Translator container enables you to build a translator application architecture that is optimized for both robust cloud capabilities and edge locality.


  • Translator container is in gated preview and to use it you must submit an online request, and have it approved. See Request approval to run container below for more information.
  • Translator container supports limited features compared to the cloud offerings. Please refer to Container: Translate for more details.


To get started, you'll need an active Azure account. If you don't have one, you can create a free account.

You'll also need the following:

Familiarity with Docker
  • You should have a basic understanding of Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic dockerterminology and commands.
Docker Engine
  • You need the Docker Engine installed on a host computer. Docker provides packages that configure the Docker environment on macOS, Windows, and Linux. For a primer on Docker and container basics, see the Docker overview.
  • Docker must be configured to allow the containers to connect with and send billing data to Azure.
  • On Windows, Docker must also be configured to support Linux containers.
Translator resource
  • An Azure Translator resource with region other than 'global', associated API key and endpoint URI. Both values are required to start the container and can be found on the resource overview page.
Azure CLI (command-line interface)
  • The Azure CLI enables you to use a set of online commands to create and manage Azure resources. It is available to install in Windows, macOS, and Linux environments and can be run in a Docker container and Azure Cloud Shell.

Required elements

All Cognitive Services containers require three primary elements:

  • EULA accept setting. An end-user license agreement (EULA) set with a value of Eula=accept.

  • API key and Endpoint URL. The API key is used to start the container. You can retrieve the API key and Endpoint URL values by navigating to the Translator resource Keys and Endpoint page and selecting the Copy to clipboard icon.


  • Subscription keys are used to access your Cognitive Service API. Do not share your keys. Store them securely, for example, using Azure Key Vault. We also recommend regenerating these keys regularly. Only one key is necessary to make an API call. When regenerating the first key, you can use the second key for continued access to the service.

Host computer

The host is a x64-based computer that runs the Docker container. It can be a computer on your premises or a Docker hosting service in Azure, such as:

  • Azure Kubernetes Service.
  • Azure Container Instances.
  • A Kubernetes cluster deployed to Azure Stack. For more information, see Deploy Kubernetes to Azure Stack.

Container requirements and recommendations

The following table describes the minimum and recommended specifications for Translator containers. At least 2 gigabytes (GB) of memory are required and each CPU must be at least 2.6 gigahertz (GHz) or faster. and memory, in gigabytes (GB), to allocate for each Translator. The following table describes the minimum and recommended allocation of resources for each Translator container.

ContainerMinimumRecommendedLanguage Pair
Translator connected2 core, 2-GB memory4 core, 8-GB memory4

For every language pair, it's recommended to have 2 GB of memory. By default, the Translator offline container has four language pairs. The core and memory correspond to the --cpus and --memory settings, which are used as part of the docker run command.


  • CPU core and memory correspond to the --cpus and --memory settings, which are used as part of the docker run command.

  • The minimum and recommended specifications are based on Docker limits, not host machine resources.

Request approval to run container

Complete and submit the Azure Cognitive ServicesApplication for Gated Services to request access to the container.

The form requests information about you, your company, and the user scenario for which you'll use the container. After you submit the form, the Azure Cognitive Services team will review it and email you with a decision.


  • On the form, you must use an email address associated with an Azure subscription ID.
  • The Azure resource you use to run the container must have been created with the approved Azure subscription ID.
  • Check your email (both inbox and junk folders) for updates on the status of your application from Microsoft.

After you're approved, you will be able to run the container after downloading it from the Microsoft Container Registry (MCR), described later in the article.

You won't be able to run the container if your Azure subscription has not been approved.

Get container images with docker commands



  • The docker commands in the following sections use the back slash, , as a line continuation character. Replace or remove this based on your host operating system's requirements.
  • The EULA, Billing, and ApiKey options must be specified to run the container; otherwise, the container won't start.

Use the docker run command to download a container image from Microsoft Container registry and run it.

The above command:

  • Downloads and runs a Translator container from the container image.
  • Allocates 12 gigabytes (GB) of memory and four CPU core.
  • Exposes TCP port 5000 and allocates a pseudo-TTY for the container
  • Accepts the end-user agreement (EULA)
  • Configures billing endpoint
  • Downloads translation models for languages English, French, Spanish, Arabic, and Russian
  • Automatically removes the container after it exits. The container image is still available on the host computer.

Run multiple containers on the same host

If you intend to run multiple containers with exposed ports, make sure to run each container with a different exposed port. For example, run the first container on port 5000 and the second container on port 5001.

You can have this container and a different Azure Cognitive Services container running on the HOST together. You also can have multiple containers of the same Cognitive Services container running.

Query the container's Translator endpoint

The container provides a REST-based Translator endpoint API. Here is an example request:

Install openssl in docker container box


If you attempt the cURL POST request before the container is ready, you'll end up getting a Service is temporarily unavailable response. Wait until the container is ready, then try again.

Stop the container

To shut down the container, in the command-line environment where the container is running, select Ctrl+C.


Validate that a container is running

There are several ways to validate that the container is running:

  • The container provides a homepage at as a visual validation that the container is running.

  • You can open your favorite web browser and navigate to the external IP address and exposed port of the container in question. Use the various request URLs below to validate the container is running. The example request URLs listed below are http://localhost:5000, but your specific container may vary. Keep in mind that you're navigating to your container's External IP address and exposed port.

Request URLPurpose
http://localhost:5000/The container provides a home page.
http://localhost:5000/readyRequested with GET. Provides a verification that the container is ready to accept a query against the model. This request can be used for Kubernetes liveness and readiness probes.
http://localhost:5000/statusRequested with GET. Verifies if the api-key used to start the container is valid without causing an endpoint query. This request can be used for Kubernetes liveness and readiness probes.
http://localhost:5000/swaggerThe container provides a full set of documentation for the endpoints and a Try it out feature. With this feature, you can enter your settings into a web-based HTML form and make the query without having to write any code. After the query returns, an example CURL command is provided to demonstrate the HTTP headers and body format that's required.

Text translation code samples

Translate text with swagger

English ↔ German

Navigate to the swagger page: <http://localhost:5000/swagger/index.html>

  1. Select POST /translate
  2. Select Try it out
  3. Enter the From parameter as en
  4. Enter the To parameter as de
  5. Enter the api-version parameter as 3.0
  6. Under texts, replace string with the following JSON

Select Execute, the resulting translations are output in the Response Body. You should expect something similar to the following response:

Translate text with Python

Translate text with C#/.NET console app

Launch Visual Studio, and create a new console application. Edit the *.csproj file to add the <LangVersion>7.1</LangVersion> node—specifies C# 7.1. Add the Newtoonsoft.Json NuGet package, version 11.0.2.

In the Program.cs replace all the existing code with the following:


In this article, you learned concepts and workflows for downloading, installing, and running Translator container. Now you know:

  • Translator provides Linux containers for Docker.
  • Container images are downloaded from the container registry and run in Docker.
  • You can use the REST API to call 'translate' operation in Translator container by specifying the container's host URI.

Next steps

Once you have installed Kendis Docker and it's up and running, you can follow these steps to configure SSL.

Step 1: Create Directory

Create a directory with the name 'docker_ssl_proxy' to store the NGINX configuration file and the certificate and key

Step 2: Change directory to docker_ssl_proxy

You must be under this directory before executing the following steps (commands).

Step 2.a: Use Signed certificates

If you have certificates you can simply copy the following 2 files in the current directory

Step 2.b Create the self-signed certificates (If needed)

Use OpenSSL to create a self-signed certificate, Following command will create a self-signed certificate and a private key with a validity of 365 days.

Step 3: Find your container IP address

3.1: Find your kendis container Id.

It will list all the processes that are running and find out your Kendis container id.

3.2 Find IP Address

To find the container IP address from the host, you can run the command

<kendis-container-id>: replace this with the value that you get from Step 4.1

Install Openssl In Docker Container Model


The response of the above command will be an IP address e.g.,



Step 4: Create the NGINX configuration file

In the same directory, create a configuration file that will proxy all the traffic to your upstream server. The upstream server is the application server running a non-SSL connection. The SSL will be using NGINX, and all the traffic will be proxied to the host (using the IP address that you got in Step 3.2)

The configuration file, which in this example is called 'proxy_ssl.conf,' but can have any name as long as it ends in .conf. The file must have the following contents

Example file: proxy_ssl.conf

The only thing you need to replace in this file is IP Address. We are using the example IP

This file simply instructs NginX to listen, with SSL and the correct certs and keys, on port 443 and to proxy all the requests to the host on port 8080

Install Openssl In Docker Container Design

Step 5: Run the docker container

Install Ssl On Docker Container

At this point we have all the configuration in place to proxy the traffic, we simply need to run the docker container with the following command

NOTE: In case you face issues, try to replace PWD in the command above with the full directory path for 'docker_ssl_proxy', where you have config and cert files.

Install Ssl Certificate In Docker Container

All Done.

Install Openssl In Docker Container

Just open a browser and hit the URL with HTTPS.