Enforce SSL on Play! Framework

Question

I\'m currently using Play! 1.2.2 and its new Netty client framework.

I haven\'t found a straightforward method to enforce SSL, although can get HTTP and HTTPS to serve a

Answer 1

There are a couple of ways to enforce SSL.

Firstly, you can set all your actions to use the .secure() method, for example

index page

Alternatively, and probably the best way, is to do this via a frontend HTTP server, such as Apache, Nginx or Lighttpd.

The idea of the frontend http server, is that your application runs on port 9000, but is not accessible from the outside network. HTTP is responsible for all incoming requests, and is configured to only accept HTTPS. The HTTPS is handled by the HTTP server, and the request is then forwarded on to Play.

This leaves your entire Play application to work as normal, and the SSL is offloaded to another application.

This same method can be applied to a load balancer, rather than HTTP server, but I am guessing the majority of people will go with the far cheaper alternative of a HTTP server, unless running in a corporate environment.