From 45237c8438ad385a6100f2046cad65a779da7b4f Mon Sep 17 00:00:00 2001 From: Daniel Nata Nugraha Date: Mon, 6 May 2024 17:22:50 +0200 Subject: [PATCH 1/4] Fix ssl guide to use Flower Next --- doc/source/how-to-enable-ssl-connections.rst | 38 +++++--------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/doc/source/how-to-enable-ssl-connections.rst b/doc/source/how-to-enable-ssl-connections.rst index 051dd5711497..93730373af92 100644 --- a/doc/source/how-to-enable-ssl-connections.rst +++ b/doc/source/how-to-enable-ssl-connections.rst @@ -42,23 +42,11 @@ Server We are now going to show how to write a sever which uses the previously generated scripts. -.. code-block:: python - - from pathlib import Path - import flwr as fl +.. code-block:: bash - # Start server - fl.server.start_server( - server_address="0.0.0.0:8080", - config=fl.server.ServerConfig(num_rounds=4), - certificates=( - Path(".cache/certificates/ca.crt").read_bytes(), - Path(".cache/certificates/server.pem").read_bytes(), - Path(".cache/certificates/server.key").read_bytes(), - ) - ) + flower-superlink --certificates certificates/ca.crt certificates/server.pem certificates/server.key -When providing certificates, the server expects a tuple of three certificates. :code:`Path` can be used to easily read the contents of those files into byte strings, which is the data type :code:`start_server` expects. +When providing certificates, the server expects a tuple of three certificates paths. Client @@ -66,23 +54,13 @@ Client We are now going to show how to write a client which uses the previously generated scripts: -.. code-block:: python - - from pathlib import Path - import flwr as fl - - # Define client somewhere - client = MyFlowerClient() +.. code-block:: bash - # Start client - fl.client.start_client( - "localhost:8080", - client=client.to_client(), - root_certificates=Path(".cache/certificates/ca.crt").read_bytes(), - ) + flower-client-app client:app + --root-certificates certificates/ca.crt + --server 127.0.0.1:9092 -When setting :code:`root_certificates`, the client expects the PEM-encoded root certificates as a byte string. -We are again using :code:`Path` to simplify reading those as byte strings. +When setting :code:`root_certificates`, the client expects the file path to a PEM-encoded root certificates. Conclusion From 3d273cdae6d3766f22d55fa1333a2be9355a8651 Mon Sep 17 00:00:00 2001 From: Daniel Nata Nugraha Date: Mon, 6 May 2024 17:24:40 +0200 Subject: [PATCH 2/4] Add sentence --- doc/source/how-to-enable-ssl-connections.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/how-to-enable-ssl-connections.rst b/doc/source/how-to-enable-ssl-connections.rst index 93730373af92..256f5ae7c728 100644 --- a/doc/source/how-to-enable-ssl-connections.rst +++ b/doc/source/how-to-enable-ssl-connections.rst @@ -46,7 +46,7 @@ We are now going to show how to write a sever which uses the previously generate flower-superlink --certificates certificates/ca.crt certificates/server.pem certificates/server.key -When providing certificates, the server expects a tuple of three certificates paths. +When providing certificates, the server expects a tuple of three certificates paths: CA certificate, server certificate, and server private key. Client From bca4e2ca814b5b7817fb4f40af2e8fed68683c6a Mon Sep 17 00:00:00 2001 From: Daniel Nata Nugraha Date: Mon, 6 May 2024 17:25:16 +0200 Subject: [PATCH 3/4] Format --- doc/source/how-to-enable-ssl-connections.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/how-to-enable-ssl-connections.rst b/doc/source/how-to-enable-ssl-connections.rst index 256f5ae7c728..0824bc1943c6 100644 --- a/doc/source/how-to-enable-ssl-connections.rst +++ b/doc/source/how-to-enable-ssl-connections.rst @@ -60,7 +60,7 @@ We are now going to show how to write a client which uses the previously generat --root-certificates certificates/ca.crt --server 127.0.0.1:9092 -When setting :code:`root_certificates`, the client expects the file path to a PEM-encoded root certificates. +When setting :code:`root_certificates`, the client expects a file path to a PEM-encoded root certificates. Conclusion From 2e1e1b9e46bd40ee3f4d1fadacdfdf0bacff8bf8 Mon Sep 17 00:00:00 2001 From: "Daniel J. Beutel" Date: Mon, 6 May 2024 17:50:03 +0200 Subject: [PATCH 4/4] Edit SSL docs --- doc/source/how-to-enable-ssl-connections.rst | 38 ++++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/doc/source/how-to-enable-ssl-connections.rst b/doc/source/how-to-enable-ssl-connections.rst index 0824bc1943c6..5c762fe1169a 100644 --- a/doc/source/how-to-enable-ssl-connections.rst +++ b/doc/source/how-to-enable-ssl-connections.rst @@ -1,14 +1,14 @@ Enable SSL connections ====================== -This guide describes how to a SSL-enabled secure Flower server can be started and -how a Flower client can establish a secure connections to it. +This guide describes how to a SSL-enabled secure Flower server (:code:`SuperLink`) can be started and +how a Flower client (:code:`SuperNode`) can establish a secure connections to it. A complete code example demonstrating a secure connection can be found `here `_. -The code example comes with a README.md file which will explain how to start it. Although it is -already SSL-enabled, it might be less descriptive on how. Stick to this guide for a deeper +The code example comes with a :code:`README.md` file which explains how to start it. Although it is +already SSL-enabled, it might be less descriptive on how it does so. Stick to this guide for a deeper introduction to the topic. @@ -19,7 +19,6 @@ Using SSL-enabled connections requires certificates to be passed to the server a the purpose of this guide we are going to generate self-signed certificates. As this can become quite complex we are going to ask you to run the script in :code:`examples/advanced-tensorflow/certificates/generate.sh` - with the following command sequence: .. code-block:: bash @@ -29,30 +28,29 @@ with the following command sequence: This will generate the certificates in :code:`examples/advanced-tensorflow/.cache/certificates`. -The approach how the SSL certificates are generated in this example can serve as an inspiration and -starting point but should not be taken as complete for production environments. Please refer to other +The approach for generating SSL certificates in the context of this example can serve as an inspiration and +starting point, but it should not be used as a reference for production environments. Please refer to other sources regarding the issue of correctly generating certificates for production environments. - -In case you are a researcher you might be just fine using the self-signed certificates generated using -the scripts which are part of this guide. +For non-critical prototyping or research projects, it might be sufficient to use the self-signed certificates generated using +the scripts mentioned in this guide. -Server ------- +Server (SuperLink) +------------------ -We are now going to show how to write a sever which uses the previously generated scripts. +Use the following terminal command to start a sever (SuperLink) that uses the previously generated certificates: .. code-block:: bash flower-superlink --certificates certificates/ca.crt certificates/server.pem certificates/server.key -When providing certificates, the server expects a tuple of three certificates paths: CA certificate, server certificate, and server private key. +When providing certificates, the server expects a tuple of three certificates paths: CA certificate, server certificate and server private key. -Client ------- +Client (SuperNode) +------------------ -We are now going to show how to write a client which uses the previously generated scripts: +Use the following terminal command to start a client (SuperNode) that uses the previously generated certificates: .. code-block:: bash @@ -60,14 +58,14 @@ We are now going to show how to write a client which uses the previously generat --root-certificates certificates/ca.crt --server 127.0.0.1:9092 -When setting :code:`root_certificates`, the client expects a file path to a PEM-encoded root certificates. +When setting :code:`root_certificates`, the client expects a file path to PEM-encoded root certificates. Conclusion ---------- -You should now have learned how to generate self-signed certificates using the given script, start a -SSL-enabled server, and have a client establish a secure connection to it. +You should now have learned how to generate self-signed certificates using the given script, start an +SSL-enabled server and have a client establish a secure connection to it. Additional resources