There are two ways of enabling SSL for our application. We can either serve an HTTPS application by the providing the required configuration for it on start, or by proxying the requests through an SSL-enabled web server. In this section, we will see how the first option can be used and the latter will be covered in the next section.
We can choose to run both the HTTP and HTTPS versions or just opt for one of them using the http.port and https.port settings. By default, HTTPS is disabled and we can enable it by specifying https.port as follows:
#setting https port to 1234 [PlayScala] $ start -Dhttps.port=1234 #disabling http port and setting https port to 1234 [PlayScala] $ start -Dhttp.port=disabled -Dhttps.port=1234
Play generates self-signed certificates if we do not provide them, and starts the application with SSL enabled in it. However, these certificates are unsuitable for an actual application and we need to specify the details of the key store using the following settings:
|
Property |
Purpose |
Default value |
|---|---|---|
|
|
The path to the key store containing a private key and certificate |
This value is dynamically generated |
|
|
The key store type |
JavaKeyStore (JKS) |
|
|
The password |
Blank password |
|
|
The key store algorithm |
The platform's default algorithm |
In addition to this, we can also specify SSLEngine through the play.http.sslengineprovider setting. The prerequisite for this is that the custom SSLEngine should implement the play.server.api.SSLEngineProvider trait.
Note
It is recommended to use JDK 1.8 when a Play application with SSL enabled is running in production, since Play uses some of the features of JDK 1.8 to facilitate it. If using JDK 1.8 is not feasible, a reverse proxy with SSL enabled should be used instead. Refer to https://www.playframework.com/documentation/2.3.x/ConfiguringHttps for more details.